[Owasp-mumbai] Automated Web Application Security

Dharmesh M Mehta dharmeshmm at mastek.com
Tue Mar 21 03:53:33 EST 2006


Hi All,

 

If you want to have a look at the benchmark done for major automated
scanners:

http://www.spidynamics.com/assets/documents/SecureEnterprise_WI5.5_review.pdf

Thanks & Regards,
__________________________________
Dharmesh Mehta
Technology Cell
Mastek Limited
Tel : +91-22-56952222 Extn : 1005 
http://smartsecurity.blogspot.com 
Dream as if you'll live forever. Live as if you'll die today. - James
Dean 

  _____  

From: owasp-mumbai-admin at lists.sourceforge.net
[mailto:owasp-mumbai-admin at lists.sourceforge.net] On Behalf Of
rajeshk.d at tcs.com
Sent: Friday, March 17, 2006 5:54 PM
To: suskum
Cc: owasp-mumbai at lists.sourceforge.net;
owasp-mumbai-admin at lists.sourceforge.net
Subject: RE: [Owasp-mumbai] Automated Web Application Security

 


AppScan has this path limit in the default configuration which restricts
you from going over the same URL after some times. So if your app has a
single URL, e.g. www.abc.com/nav.jsp, and the rest of the pages are
visited by passing a parameter to this page, like
www.abc.com/nav.jsp?next=test.jsp, www.abc.com/nav.jsp?next=test1.jsp,
etc., then you may face problems crawling the application. The solution
is to remove the path limit in the config file. But now if you have
the same limit removed and try to scan other apps, then the crawl may
take more time, so you need to understand the application's
navigation behaviour before you scan. I don't come across that many
apps like these, but it's nice to know it and use it effectively.

Thanks 

Rajesh Kumar D
Tata Consultancy Services Limited
Mailto: rajeshk.d at tcs.com
Website: http://www.tcs.com
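
A minimal model of the crawl behaviour described in the message above, added here as an illustration (it is not from the original thread and is not AppScan's actual algorithm or configuration). It simulates a per-path visit cap over a constructed link graph and uses a hypothetical helper, dispatcher_params, to flag parameter-driven navigation in a URL list before a scan; the cap value 3, the link graph and all function names are assumptions.

```python
from collections import Counter, deque
from urllib.parse import urlsplit, parse_qsl

# Constructed link graph for a dispatcher-style app: every page is reached
# through nav.jsp with a different "next" parameter (hostname from the post).
BASE = "http://www.abc.com/nav.jsp"
SITE = {
    BASE: [f"{BASE}?next=test.jsp", f"{BASE}?next=test1.jsp"],
    f"{BASE}?next=test.jsp": [f"{BASE}?next=test2.jsp"],
    f"{BASE}?next=test1.jsp": [f"{BASE}?next=test3.jsp"],
    f"{BASE}?next=test2.jsp": [f"{BASE}?next=test4.jsp"],
    f"{BASE}?next=test3.jsp": [],
    f"{BASE}?next=test4.jsp": [],
}

def crawl(start, links, path_limit=None):
    """Breadth-first crawl; path_limit caps visits per path (query ignored)."""
    seen, per_path, queue = set(), Counter(), deque([start])
    while queue:
        url = queue.popleft()
        path = urlsplit(url).path
        capped = path_limit is not None and per_path[path] >= path_limit
        if url in seen or capped:
            continue
        seen.add(url)
        per_path[path] += 1
        queue.extend(links.get(url, []))
    return seen

def dispatcher_params(urls, min_values=3):
    """Return (path, param) pairs whose values vary enough to look like routing."""
    values = {}
    for url in urls:
        parts = urlsplit(url)
        for name, value in parse_qsl(parts.query):
            values.setdefault((parts.path, name), set()).add(value)
    return {key: sorted(v) for key, v in values.items() if len(v) >= min_values}

if __name__ == "__main__":
    limited = crawl(BASE, SITE, path_limit=3)
    full = crawl(BASE, SITE)
    print(f"path limit 3:  {len(limited)} of {len(SITE)} pages crawled")
    print(f"no path limit: {len(full)} of {len(SITE)} pages crawled")
    print("routing-style parameters:", dispatcher_params(SITE))
```

Feeding dispatcher_params the URLs from a manual browse of the application gives a quick indication of whether a scan profile with a raised or removed path limit is needed for that application only.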

 
 

