WebSleuth is an early release of a tool we hope will be part of a suite of tools, including source code analyzers, that will support the Testing Framework being developed at OWASP (http://www.owasp.org) next year.

WebSleuth allows you to edit HTTP and HTML requests on the fly in real time. It is built to help a user manually understand various security issues of his/her system. It is not intended to replace or compete with commercial tools, and there is certainly no shiny red button automating attacks. However, it is an investigative learning tool that, with some patience and knowledge, helps you to find and learn about issues you may have in your web applications.

WebSleuth can be downloaded from http://www.owasp.org/resources/tools/. Please save us all the bandwidth and only download the installer package if you don't have the VB DLLs.

The first release implements many features, including the ability to test and report:

Parameter Manipulation
- Cookies
- Form Fields (including hidden)
- URL Query Strings
- HTTP Headers (referrer etc)

Informational
- Comments
- Meta Tags

Input Validation
- Cross Site Scripting
- Client-Side Validation

WebSleuth is open source and is subject to the OWASP Software license. It was written in Visual Basic to take advantage of the MS Internet Explorer object, avoiding the need for a reverse proxy. It currently only runs on Win32 and should be seen as a proof of concept. The lead developer is David Zimmer, who can be contacted at dzzieat_private.

A new release this week will automate the testing for cross site scripting in any user input to a web application.

As with any open source project, we welcome your ideas, input and improvements. For feature suggestions, or to participate in developing the tool, please email owaspat_private and dzzieat_private or, better still, the webappsec@securityfocus list.

If you are interested in sponsoring the further development of this open source project, please contact owaspat_private.

Kind regards,
owaspat_private
"Building Blueprints to Secure Web Applications"

This archive was generated by hypermail 2b30 : Mon Nov 26 2001 - 08:00:40 PST