Re: Beta release of the Oedipus Web Application Scanner is released

[Justin Clarke <justin () justinclarke com>]

The link was left off - it is available from http:// 
oedipus.rubyforge.org

Thanks

On 7 Apr 2006, at 16:53, Justin Clarke wrote:

> The Oedipus Web Application Scanner project (disclaimer - I have been
> involved in it's development) has just released it's first public beta
> release - version 1.8.1. Oedipus is a penetration testing focused  
> tool,
> designed for penetration testers and for technical security or web
> development folks to test their applications for web application
> security issues. It deviates from many of the commercial tools in  
> that:
>
>       * Oedipus does not claim to be a one stop testing tool that will
>         find every type of hole in your applications. It is, however,
>         pretty good at finding the low hanging fruit so you can spend
>         your time finding the really nasty problems manually
>       * Oedipus has some exploitation functionality built in,  
> especially
>         for SQL injection at this point, for generating working  
> exploits
>         for web application vulnerabilities. After all, the best  
> way to
>         show the business impact of an issue is to show it is
>         exploitable
>       * It's free, open source, and pretty easy to extend through the
>         use of it's plugin architecture
>
> From the blurb - "Oedipus is an open source web application security
> analysis and testing suite written in Ruby by Pentration Testers for
> Penetration Testers. It is capable of parsing different types of log
> files off-line and identifying security vulnerabilities. Using the
> analyzed information, Oedipus can dynamically test web sites for
> application and web server vulnerabilities"

Attachment: smime.p7s
Description: