Re: [Dailydave] bugs are bad.
From: Kevin Johnson (kjohnson secureideas.net)
Date: Mon Jul 31 2006 - 21:06:44 CDT
On Jul 31, 2006, at 4:17 PM, Dave Aitel wrote:
> I need to
> browse them, and then store and manipulate different data in a lot of
> different ways. I want to draw a circle around some blocks that
> represent queries and say "This is the login sequence - go do this a
> thousand times and tell me what the cookies are like, and while you're
> at it try every other query in this other group afterwards". Then I
> want to draw a circle around the "order a widget" sequence and say
> "try this in every possible order after logging in and let me know if
> anything weird happens". Essentially I think the whole idea of storing
> a site based on its "pages" is broken. GET /bob.php?method=login is
> very different from method=logout. Same "page", different code paths.
> But today's scanners can't help me. And I think this is because
> they're making tons of money rather than being useful to people who
> know what they're doing.
>
> - -dave
Well, there is a small group of us that aren't making a ton of money and
are trying to work out this issue. It started as trying to automatically
build a default deny configuration generator for mod_security and has grown
a bit beyond that..... Wasn't sure if anyone else was interested...<grin>
Kevin
---------------------
BASE Project Lead
http://base.secureideas.net
The next step in IDS analysis!
_______________________________________________
Dailydave mailing list
Dailydave
lists.immunitysec.com
http://lists.immunitysec.com/mailman/listinfo/dailydave