OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Mark Curphey (markcurphey.com)
Date: Sun Jan 13 2002 - 19:55:22 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    Nothing sinister, this really was just a case of bad timing.

    Sleuth was just a proof of concept and the brain child of one person (Dave
    Zimmer). It was designed to be an interactive web browser that exposed some
    HTTP. As things got underway at OWASP, we have determined we need (and been
    asked by the community) to build a more automated open source web
    application security testing tool that is cross platform. As such it is
    likely to be built in Java and will be able to test all issues identified in
    the OWASP ASAC project (http://www.owasp.org/projects/asac/), like
    canonicalization for instance. It will also support testing against the
    requirements project and will support the testing framework, projects both
    only just started. This is likely to be at least six months away.

    To try and morph Sleuth into such a package would be like trying to convert
    a 4x4 into a sports car, so we all decided it would be best to keep Sleuth
    doing what it was designed to do and start from scratch with the new project
    so that we have a clean robust foundation to build upon.

    Sleuth and the plugins are all back at Dave Zimmers site
    (http://geocities.com/dzzie/sleuth)

    -----Original Message-----
    From: shawn merdinger [mailto:dingergslis.utexas.edu]
    Sent: Sunday, January 13, 2002 5:40 PM
    Cc: vuln-devsecurityfocus.com; webappsecsecurityfocus.com
    Subject: Re: Developerstore.com expose critical customer info

    Looks like it's still on the Russian mirror:

    <http://SecurityLab.ru/_Tools/websleuthInstaller-1.1.2.zip>

    -scm

    On Sat, 12 Jan 2002, Jeremiah Grossman wrote:

    > WebSlueth was removed from OWASP because of this incident?
    > Can someone "in the know" shed some light on this and explain
    > if there is any truth to this.... (how does one relate to the other?)
    >
    > I did confirm the URL where WebSleuth was available from:
    > http://www.owasp.org/resources/tools/index.shtml
    > does indeed have it taken down... citing:
    >
    > "This site is temporarily down for maintenance, please check back later"
    >
    >
    >
    > Jeremiah Grossman
    >
    >
    >
    > c c wrote:
    >
    > > It seems that the post cause some undesired efects
    > > (Websleuth removed from OWASP, etc.), i'm really sorry
    > > it was not my intention.
    >