WebApp Sec mailing list archives
Re: Beta release of the Oedipus Web Application Scanner is released
From: Justin Clarke <justin () justinclarke com>
Date: Sat, 8 Apr 2006 20:17:22 +0100
The link was left off - it is available from http://oedipus.rubyforge.org

Thanks

On 7 Apr 2006, at 16:53, Justin Clarke wrote:
The Oedipus Web Application Scanner project (disclaimer - I have been involved in its development) has just released its first public beta release - version 1.8.1. Oedipus is a penetration testing focused tool, designed for penetration testers and for technical security or web development folks to test their applications for web application security issues. It deviates from many of the commercial tools in that:

* Oedipus does not claim to be a one stop testing tool that will find every type of hole in your applications. It is, however, pretty good at finding the low hanging fruit so you can spend your time finding the really nasty problems manually
* Oedipus has some exploitation functionality built in, especially for SQL injection at this point, for generating working exploits for web application vulnerabilities. After all, the best way to show the business impact of an issue is to show it is exploitable
* It's free, open source, and pretty easy to extend through the use of its plugin architecture

From the blurb - "Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities"