[Owasp-board] Fwd: Building the Ultimate Open Source Web App Scanner!!!
dinis.cruz at owasp.org
Thu Mar 6 12:09:59 UTC 2008
More from that thread
---------- Forwarded message ----------
From: Fyodor <fygrave at gmail.com>
Date: Sep 28, 2006 3:35 PM
Subject: Re: Building the Ultimate Open Source Web App Scanner!!!
To: Mark Curphey <mark at curphey.com>
Cc: meder.k at gmail.com, dinis.cruz at ddplus.net
Yep, I think that's actually what we were aiming at designing YAWATT.
The idea behind it is to have a common data exchange format and
communication framework available from different languages (we want to
get rid of spread and have our own thing, due to certain spread
limitations) and the rest of the system could be developed as standalone
components integrating via a common communication layer.
There will be various "bindings" for every popular language (spread
supports java, c/c++, python and ruby, and that's also what is initially
planned to be supported in our own replacement).
Further on architectural level, we wanted to implement things that go
beyond the trivial user input validation checks. Of course with
current framework implementing these is quite easy (plugins that dig
certain classification keywords or direct match of url/data parts),
but we are aiming at abilities to test application logic bugs. There's
not much work done before in this area, and I think there's a lot of
research interest here too. Let us know, if you guys are interested to
discuss the architectural decisions here, I guess maybe we can come
with something more fresh :)
PS: I haven't seen Beretta/Panterra yet, any links or references?
On 9/28/06, Mark Curphey <mark at curphey.com> wrote:
> Fyodor, Meder,
> Great job last week in KL. I wanted to stop and chat but had to run to
> work stuff.
> Dinis Cruz and I have been chatting about an idea. It seems to us that
> there is a lot of individual work going on to build various web scanners. This
> is great but I wonder if any will ever have the resources to truly build a
> great tool. One idea we have come up with is to see if we could pull
> together various interested developers and pool resources. We could
> collectively design a pluggable distributed architecture and small teams
> could focus on one component. The result would be a really cool product that
> would get built much faster and be much more effective. If we also design
> this thing with interoperability in mind we can use the tech of choice for
> the various components.
> Any interest from you guys in pooling the work you have done on YAWATT,
> Dinis's work on Beretta and some other things like Panterra and forming a
> serious global team? I think within a year we could all build out a really
> serious product
Chief OWASP Evangelist