WebApp Sec mailing list archives

Re: RE: Re; Comparison report on web app security scanners


From: ma.huijuan () gmail com
Date: 15 May 2006 09:25:14 -0000

I agree with your comments, especially on the part that scanners can hardly find design flaws. I remember I encountered 
one case in which the session id was sequential; the scanner did not even pick up such an obvious flaw. In another case, 
after user login, the user id was embedded as a hidden value and used to authenticate the user. And the scanner failed to 
pick this up again.
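The two flaws the post describes are easy to check by hand even when a scanner misses them. The following is an added example, not code from the original post or from any scanner it discusses: a small check that flags session identifiers advancing by a constant stride, plus a constructed login handler showing the hidden-field user id trusted as a credential beside a hardened version that takes identity only from a server-side session. The user table, session store and sample tokens are all constructed for illustration.

```python
"""Added example: detecting sequential session ids, and the hidden-user-id
authentication flaw beside its fix. All data here is constructed."""
import re
import secrets

# --- Part 1: sequential session identifiers ---------------------------------

def _token_to_int(token):
    """Interpret a session token as a number: decimal if it is all digits,
    otherwise hex. Returns None when the token is numeric in neither form."""
    if re.fullmatch(r"[0-9]+", token):
        return int(token, 10)
    if re.fullmatch(r"[0-9a-fA-F]+", token):
        return int(token, 16)
    return None


def sequential_session_ids(tokens):
    """Return (is_sequential, stride) for tokens observed in issue order.

    Tokens are called sequential when every consecutive pair differs by the
    same positive stride; a counter looks like this whether it is printed in
    decimal or hex, so both encodings are tried. At least three samples are
    required so that a single coincidental difference is not reported.
    """
    values = [_token_to_int(t) for t in tokens]
    if len(values) < 3 or any(v is None for v in values):
        return False, None
    diffs = [b - a for a, b in zip(values, values[1:])]
    stride = diffs[0]
    if stride > 0 and all(d == stride for d in diffs):
        return True, stride
    return False, None


# --- Part 2: hidden user id used as the credential --------------------------

# Constructed user table for the demonstration (hypothetical ids and names).
USERS = {
    "1001": {"name": "alice", "email": "alice@example.invalid"},
    "1002": {"name": "bob", "email": "bob@example.invalid"},
}

# Server-side session store: unguessable token -> authenticated user id.
SESSIONS = {}


def login(user_id):
    """Authenticate (assumed done by the caller) and issue a random token."""
    token = secrets.token_hex(16)
    SESSIONS[token] = user_id
    return token


def profile_vulnerable(form):
    """The flawed pattern from the post: the user id comes back from the
    browser in a hidden field and is trusted as proof of identity, so
    editing that field is enough to read another user's record."""
    return USERS.get(form.get("user_id"))


def profile_hardened(cookies, form):
    """Identity comes only from the server-side session bound to a random
    cookie; whatever user_id the form carries is ignored."""
    user_id = SESSIONS.get(cookies.get("session"))
    if user_id is None:
        return None
    return USERS[user_id]


if __name__ == "__main__":
    # Constructed samples: a hex counter stepping by 4, then random tokens.
    print(sequential_session_ids(["03e8", "03ec", "03f0", "03f4"]))
    print(sequential_session_ids([secrets.token_hex(8) for _ in range(4)]))
    tok = login("1001")                      # alice logs in
    tampered = {"user_id": "1002"}           # hidden field edited to bob's id
    print(profile_vulnerable(tampered)["name"])          # bob: flaw
    print(profile_hardened({"session": tok}, tampered)["name"])  # alice
```

The stride check deliberately ignores token format and length: a 32-character id that happens to be a zero-padded counter is just as predictable as a short one. The hardened handler shows the only fix that matters here, namely that the client-supplied user id is never consulted at all rather than merely validated.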

