OWASP - WebSleuth

From: Mark Curphey (markat_private)
Date: Sun Nov 25 2001 - 23:47:46 PST


    WebSleuth is an early release of a tool we hope will be part of a suite of
    tools, including source code analyzers, that will support the Testing
    Framework being developed at OWASP (http://www.owasp.org) next year.
    WebSleuth allows you to edit HTTP and HTML requests on the fly in real-time.
    It is built to help a user manually understand various security issues of
    his / her system. It is not intended to replace or compete with commercial
    tools, and there is certainly no shiny red-button automating attacks.
    However, it is an investigative learning tool that, with some patience and
    knowledge, helps you to find and learn about issues you may have in your web
    applications.
    
    WebSleuth can be downloaded from http://www.owasp.org/resources/tools/.
    Please save us all the bandwidth and only download the installer package if
    you don't have the VB DLLs.
    
    The first release implements many features including the ability to test
    and report:
    
    Parameter Manipulation
    -Cookies
    -Form Fields (including hidden)
    -URL Query Strings
    -HTTP Headers (referrer, etc.)
    
    Informational
    -Comments
    -Meta Tags
    
    Input Validation
    -Cross Site Scripting
    -Client-Side Validation
    
    WebSleuth is open source and is subject to the OWASP Software license. It
    was written in Visual Basic to take advantage of the MS Internet Explorer
    object, avoiding the need for a reverse proxy. It currently only runs on
    Win32 and should be seen as proof of concept. The lead developer is David
    Zimmer, who can be contacted at dzzieat_private.
    
    A new release this week will automate the testing for cross site scripting
    in any user input to a web application.
    
    As with any open source project, we welcome your ideas, input and
    improvements. For feature suggestions or to participate in developing the
    tool, please email owaspat_private and dzzieat_private or, better still, the
    webappsec@securityfocus list.
    
    If you are interested in sponsoring the further development of this open
    source project, please contact owaspat_private.
    
    Kind regards,
    
    owaspat_private
    
    "Building Blueprints to Secure Web Applications"
    



    This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 08:00:40 PST