[Owasp-board] Fwd: Building the Ultimate Open Source Web App Scanner!!!

dinis cruz dinis.cruz at owasp.org
Thu Mar 6 12:09:39 UTC 2008


Following Tom's recent email about an OWASP web application scanner, see the
attached PPT for the framework that me and Mark Curphey come up with when we
worked on this for a while.

Mark did put quite a bit of energy into this and almost got 80k from
Foundstone to sponsor the development of this tool.

There was an attempt to try to develop this  in .NET (pre Seasons of Code)
which didn't produce meaningful results

Dinis

On 10/11/06, Dinis Cruz <dinis at ddplus.net> wrote:
>
> Following our IM chat, here is something that I created two years ago for
> Mark :) which contains some ideas about a possible architecture.
>
> Today, I would actually take this even further and make all components
> (even the ones inside the 'beretta_kernel.dll') independent (communicating
> between then via xml)
>
> Dinis
>
> On 10/10/06, Mark Curphey <mark at curphey.com> wrote:
> >
> >  Cool. I'll be online.
> >
> >
> >
> > MSN mark at curphey.com
> >
> >
> >
> > *From:* Dinis Cruz [mailto:dinis at ddplus.net]
> > *Sent:* Tuesday, October 10, 2006 12:03 PM
> > *To:* Mark Curphey
> > *Cc:* Fyodor; Meder Kydyraliev; dinis.cruz at ddplus.net
> > *Subject:* Re: Building the Ultimate Open Source Web App Scanner!!!
> >
> >
> >
> > Just had a quick chat with fyodor and we agreed on 1 am GMT (8am his
> > time) for the call
> >
> > Dinis
> >
> > On 10/9/06, *Mark Curphey* < mark at curphey.com> wrote:
> >
> > Works for me.
> >
> >
> >
> > *From:* Dinis Cruz [mailto:dinis at ddplus.net ]
> > *Sent:* Monday, October 09, 2006 7:04 AM
> > *To:* Fyodor
> > *Cc:* Mark Curphey; Meder Kydyraliev; dinis.cruz at ddplus.net
> > *Subject:* Re: Building the Ultimate Open Source Web App Scanner!!!
> >
> >
> >
> > Sure, when do you want to do it?
> >
> > What about tomorrow night GMT time
> >
> > Dinis
> >
> > On 10/9/06, *Fyodor* <fygrave at gmail.com > wrote:
> >
> > hey guys,
> > nevermind the funding part, do you still want to catch up online and
> > discuss the toolkit thing?
> >
> >
> >
> >
> > --
> > Best regards
> >
> > Dinis Cruz
> > OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
> > OWASP .Net Project, http://www.owasp.org/index.php/.Net
> >
> >
> >
> >
> > --
> > Best regards
> >
> > Dinis Cruz
> > OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
> > OWASP .Net Project, http://www.owasp.org/index.php/.Net
> >
>
>
>
> --
> Best regards
>
> Dinis Cruz
> OWASP Autumn of Code 2006, http://www.owasp.org/index.php/OAC
> OWASP .Net Project, http://www.owasp.org/index.php/.Net
>
>





-- 
Dinis Cruz
Chief OWASP Evangelist
http://www.owasp.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080306/d60766f1/attachment-0002.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OWASP Beretta V0.55a.ppt
Type: application/vnd.ms-powerpoint
Size: 120320 bytes
Desc: not available
URL: <http://lists.owasp.org/pipermail/owasp-board/attachments/20080306/d60766f1/attachment-0002.ppt>


More information about the Owasp-board mailing list