WebApp Sec mailing list archives
Re: RE: Re; Comparison report on web app security scanners
From: ma.huijuan () gmail com
Date: 15 May 2006 09:25:14 -0000
I agree with your comments, especially on the part that scanners can hardly find design flaws. I remember I encountered one case in which the session id is sequential; the scanner did not even pick up such an obvious flaw. In another case, after user login, the user id is embedded as a hidden value and used to authenticate the user. And the scanner failed to pick this up again.
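Both of the flaws mentioned in the message above are easy to check for by hand once you know to look, even though a scanner may not flag them. The following is an added example, not code from the original post or from any scanner: it shows a small predictability check over a set of captured session ids, and a minimal request handler in its vulnerable form (trusting a hidden `user_id` field) beside a hardened form that resolves the user from server-side session state. The session-id samples, the `SESSIONS` store and the handler names are all constructed for illustration.

```python
import secrets

# Constructed samples, not taken from any real application.
# A scanner would report the first set as "session cookie present" and move on;
# a human sees that each id is the previous one plus one.
SEQUENTIAL_IDS = ["100233", "100234", "100235", "100236", "100237"]
RANDOM_IDS = ["a3f1c9d2e8b47705", "0d9e4b2c7a1f6e83",
              "f47b21e9c5d08a16", "6c2e9a4f1b7d3e05", "91d0e7c3b6a24f58"]


def parse_id(sid):
    """Interpret an id as decimal if possible, otherwise as hex.
    (Heuristic for the demo; an all-digit hex id would be read as decimal.)"""
    try:
        return int(sid, 10)
    except ValueError:
        return int(sid, 16)


def sequential_score(ids, max_step=16):
    """Fraction of consecutive pairs whose numeric distance is at most max_step.
    Ids issued by a counter score near 1.0; ids from a CSPRNG score near 0.0."""
    nums = [parse_id(s) for s in ids]
    diffs = [abs(b - a) for a, b in zip(nums, nums[1:])]
    return sum(1 for d in diffs if d <= max_step) / len(diffs)


def looks_predictable(ids, threshold=0.5):
    """Manual check the post describes: are session ids guessable from one sample?"""
    return sequential_score(ids) >= threshold


# --- Hidden user id used as the authenticator (vulnerable vs hardened) ---

SESSIONS = {}  # server-side map: session id -> authenticated user (hypothetical store)


def login(user):
    """Issue an unguessable session id and bind it to the user server-side."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = user
    return sid


def vulnerable_profile(form):
    """Trusts the hidden 'user_id' field posted by the browser, exactly the flaw
    described in the post: anyone can edit the field and act as another user."""
    user = form["user_id"]
    return {"user": user, "data": f"profile of {user}"}


def hardened_profile(cookies, form):
    """Identity comes only from the session cookie looked up server-side.
    A client-supplied user_id is never trusted; if present and different from
    the session's user it is treated as tampering and the request is refused."""
    user = SESSIONS.get(cookies.get("session"))
    if user is None:
        return None                       # no valid session: not authenticated
    if form.get("user_id") not in (None, user):
        return None                       # hidden field disagrees with session
    return {"user": user, "data": f"profile of {user}"}
```

Running `looks_predictable` over a handful of ids captured from repeated logins is the whole test for the first flaw; for the second, the check is simply to resubmit the form with the hidden field edited and see whether the application serves another user's data, which `vulnerable_profile` does and `hardened_profile` refuses.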
Current thread:
- Re; Comparison report on web app security scanners jack.jonburg (May 12)
- <Possible follow-ups>
- RE: Re; Comparison report on web app security scanners Holger.Peine (May 15)
- Re: RE: Re; Comparison report on web app security scanners ma . huijuan (May 15)
- RE: RE: Re; Comparison report on web app security scanners Martin O'Neal (May 15)