[Owasp-austin] List/group active?

Matthew Franz mdfranz at gmail.com
Wed Jun 28 17:32:40 EDT 2006


I have used it but not to its full extent and mostly just to show a
client how easy it is to bypass browser-based validation; GUIs look
better for demos.

I'd love to hear about "advanced" usage, beanshell scripting, fuzzing,
etc. -- although I've found that it is easier to write that stuff from
scratch (currently using Jython + jakarta httpclient)

I would be interested and could contribute to
discussions/presentations on J2EE & struts "stuff."

And threat modeling (especially if anyone is actually using it and
clients find it useful).

- mdf

On 6/28/06, Brooks, Brian J. <brian.brooks at trinitysecuritygroup.com> wrote:
> I am very much interested in AJAX Security as well; however, I have never
> used WebScarab in a "real world" scenario.  I would like to hear someone's
> experiences in WebScarab as well.
>
> Regards,
>
> Brian J. Brooks
> Sr. Security Engineer
> Mobile: 303-507-9991
> Fax: 1-866-701-4951
> Trinity Security Group
> http://www.trinitysecuritygroup.com
>
> There is nothing to fear but fear itself!
> Franklin D. Roosevelt
>
> -------- Original Message --------
> Subject: Re: [Owasp-austin] List/group active?
> From: "Dan Cornell" <dan at denimgroup.com>
> Date: Wed, June 28, 2006 3:11 pm
> To: <owasp-austin at lists.owasp.org>
>
> > I am really interested in AJAX Security and any new updates
> > in the application vulnerability testing space... If anyone
> > is using WebScarab etc would be good to hear real world examples etc..
> >
>
>
> If you are interested in AJAX security, I would point you toward the
> open source sprajax tool I wrote a while back:
> <http://www.denimgroup.com/sprajax/>
>
> It only has support for Microsoft Atlas right now, but I am about to
> release support for the Google Web Toolkit.  "Almost" is a relative term
> as I have been trying to find the time to finish this support for a
> couple of weeks now...  In any case I think the underlying idea is sound
> (footprint and fuzz AJAX applications to find technical application
> vulnerabilities).
>
> I also did an AJAX security presentation for the San Antonio OWASP and
> the slide deck can be found here:
> <http://www.denimgroup.com/knowledge/>
> Look down the page for "Here We Go Again".  This presentation talks about
> AJAX security in general and then talks about the architecture for
> sprajax.
>
> Depending on what folks want to do I could give an updated version of
> that presentation before too much longer.
>
> Thanks,
>
> Dan
> _______________________________________________
> Owasp-austin mailing list
> Owasp-austin at lists.owasp.org
> http://lists.owasp.org/mailman/listinfo/owasp-austin
>
>
>


-- 
Matthew Franz
http://www.threatmind.net
