[Owasp-austin] List/group active?

Dan Cornell dan at denimgroup.com
Wed Jun 28 16:11:01 EDT 2006


 

> I am really interested in AJAX Security and any new updates 
> in the application vulnerability testing space... If anyone 
> is using WebScarab etc would be good to here real world examples etc..
> 


If you are interested in AJAX security, I would point you toward the
open source sprajax tool I wrote a while back:
<http://www.denimgroup.com/sprajax/>

It only has support for Microsoft Atlas right now, but I am about to
release support for the Google Web Toolkit.  "Almost" is a relative term
as I have been trying to find the time to finish this support for a
copule of weeks now...  In any case I think the underlying idea is sound
(footprint and fuzz AJAX applications to find technical application
vulnerabilities).

I also did an AJAX security presentation for the San Antonio OWASP and
the slide deck can be found here: <http://www.denimgroup.com/knowledge/>
Look down the page for "Here We Go Again"  This presentation talks about
AJAX security in general and then talk about the architecture for
sprajax.

Depending on what folks want to do I could give an updated version of
that presentation before too much longer.

Thanks,

Dan



More information about the Owasp-austin mailing list