Nothing sinister, this really was just a case of bad timing. Sleuth was just a proof of concept and the brain child of one person (Dave Zimmer). It was designed to be an interactive web browser that exposed some HTTP. As things got underway at OWASP, we have determined we need (and been asked by the community) to build a more automated open source web application security testing tool that is cross platform. As such it is likely to be built in Java and will be able to test all issues identified in the OWASP ASAC project (http://www.owasp.org/projects/asac/), like canonicalization for instance. It will also support testing against the requirements project and will support the testing framework, projects both only just started. This is likely to be at least six months away. To try and morph Sleuth into such a package would be like trying to convert a 4x4 into a sports car, so we all decided it would be best to keep Sleuth doing what it was designed to do and start from scratch with the new project so that we have a clean robust foundation to build upon. Sleuth and the plugins are all back at Dave Zimmers site (http://geocities.com/dzzie/sleuth) -----Original Message----- From: shawn merdinger [mailto:dingerat_private] Sent: Sunday, January 13, 2002 5:40 PM Cc: vuln-devat_private; webappsecat_private Subject: Re: Developerstore.com expose critical customer info Looks like it's still on the Russian mirror: <http://SecurityLab.ru/_Tools/websleuthInstaller-1.1.2.zip> -scm On Sat, 12 Jan 2002, Jeremiah Grossman wrote: > WebSlueth was removed from OWASP because of this incident? > Can someone "in the know" shed some light on this and explain > if there is any truth to this.... (how does one relate to the other?) > > I did confirm the URL where WebSleuth was available from: > http://www.owasp.org/resources/tools/index.shtml > does indeed have it taken down... citing: > > "This site is temporarily down for maintenance, please check back later" > > > > Jeremiah Grossman > > > > c c wrote: > > > It seems that the post cause some undesired efects > > (Websleuth removed from OWASP, etc.), i'm really sorry > > it was not my intention. >
This archive was generated by hypermail 2b30 : Sun Jan 13 2002 - 20:56:56 PST