@stake WebProxy - The Interactive Application Security Testing Tool

WebProxy is a powerful interactive security tool that helps software developers, quality engineers, and security professionals test and enhance the security of Web applications. Sitting between the developer's browser and the Web application, WebProxy acts as a 'proxy' to let the developer observe precisely how the Web application responds to staged attacks, such as those that use buffer overflows, SQL injection, cookie manipulation, cross-site scripting or parameter manipulation. By identifying security vulnerabilities while the software is still in development, companies can more cost-effectively improve the overall security of any Web application.

Designed to act as an HTTP/HTTPS proxy server, @stake WebProxy allows monitoring and manipulation of requests made by the browser to the Web application. WebProxy has powerful automation to spider an entire website, test for known vulnerabilities, and even find unknown vulnerabilities in custom code.

Features and benefits:

- Re-submission and on-the-fly editing of previous requests, which allows the developer to test custom application attack scenarios. Editing capabilities include support for parsing of query parameters, request headers, and POST parameters, as well as cookie editing. Requests can be automatically modified based on a matching regular expression for ease-of-use.
- Logging of requests and replies to text files, allowing the developer to maintain a record of past requests for use in regression testing.
- Dynamic certificate generation, enabling transparent support for testing SSL-enabled applications.
- Cookie management, hashing, and decoding utilities, providing a convenient interface for analyzing encoded application traffic.
- Quashing of header parameters, allowing the developer to observe how the application reacts when certain headers are missing.
- Automated fault injection or "fuzzing" of request parameters, which can be used to test for SQL injection, directory traversal, cross-site scripting, buffer overflows and character set vulnerabilities.
- Support for Proxy Chaining, which allows WebProxy to be used in conjunction with existing proxy servers.

New in version 2.1:

- Spidering traverses all links to any depth on a website and finds forms and pages with errors.
- Categorized browsing allows automated testing for known vulnerabilities and configuration errors.
- NTLM authentication allows testing of websites that use Windows NTLM authentication.

More information and download available at http://www.atstake.com/webproxy/
This archive was generated by hypermail 2b30 : Sun Apr 27 2003 - 09:09:37 PDT