Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
From: Mark Curphey (markcurphey.com)
Date: Sun Dec 02 2001 - 21:15:41 CST
David Zimmer (dzzieowasp.org) has been putting in some serious late
nights this week and has created Alpha 1.1 of WebSleuth. This release
incorporates the ability to load plugins, enabling other contributors to
develop and share specific checks they want to see. We've gotta thank
Dave for his sooooooperb efforts.
Forms Testing Plugin - The first plugin which is in the distribution to
demonstrate the plugin interface is a Forms Tester that can be used to
test for Cross Site Scritping among other things.
Under development are three other plugins, a SQL injection plugin by
Chip Andrews of SQLSecurity.com, and session ID predictors and a file
and application enumeration plug-in (will be similar to Whisker) being
developed by Daved Endler of Idefense.com.
I think Dave is also looking at HTTP authentication this week and was
considering the joys of a spider as well as generic parameter
manipulation. If you have ideas on how to improve this proof of concept
tool, then please mail Dave directly at dzzieowasp.org and if you are
interested in writing a plugin, Dave can fill you in on the gruesome
You can download WebSleuth Alpha 1.1 from;
We will be setting up a Sourceforge site this week for dev builds which