[Owasp-pantera] Ideas for scan engine

list at roseslabs.com
Thu Jan 4 10:13:36 EST 2007

Hi Thomas,

thanks for your ideas :)

I can see we share some common ideas, that's great...
keep the ideas flowing...

I don't know why but I love Pantera too ;)


> One of the features of the automated scan that would be very useful: 1. ajax
> testing. Nothing to date does this. A 'learn' mode that would allow me to
> interact with the application, and then a 'fuzz' mode that would
> automatically attack parameters that the machine 'learns' during learn
> mode. The 'fuzz' mode could check for things like buffer overflows,
> unhandled conditions, random characters, etc.
>
> For static applications, the 'automated' discovery could follow a set of
> 'paths' that I set by browsing the sites. I don't always want to test the
> ENTIRE website, but just the part that has changed. So following my 'path'
> it could autotest links ONLY on the pages I specify.
> Complete automated testing, of course should be standard.
>
> Finally a sql injection banger for looking at logins, and things that look
> for stupid things like not encrypting password fields before they are sent
> to server e.g. either base64 encoding, or application specific java scripts
> that allow logins from forms.
>
> Reporting wise, either export to .odf would be great, since from there I can
> go to html, pdf, or etc. Something management friendly with 'high, medium,
> low' assessments, which are of course, customizable by me! We can use a
> 'scoring' system to decide if an application 'passes' or 'fails' by a point
> system. Helps to make things more quantifiable.
>
> I will help as much as I can in testing, I LOVE pantera!
> Thomas J. Munn
> --
> -----------------------
> Two Wheels Good, Four Wheels Bad
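One of the checks Thomas asks for, flagging login submissions whose password field is merely base64-encoded or is sent over cleartext HTTP, written here as an added example rather than anything from the Pantera code base; the credential field-name pattern and the sample captures are constructed assumptions.

```python
import base64
import re
from urllib.parse import parse_qs, urlsplit

# Heuristic (assumed) pattern for form fields that usually carry a credential.
CREDENTIAL_FIELDS = re.compile(r"(pass(word|wd)?|pwd|secret)", re.IGNORECASE)


def looks_base64(value: str) -> bool:
    """True when value is valid base64 that decodes to printable text.

    That is obfuscation, not encryption: anyone on the path can decode it.
    Short plain passwords made of base64 characters can trigger a false
    positive, so treat this as a lead for manual review.
    """
    if len(value) < 4 or len(value) % 4:
        return False
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return False
    return bool(decoded) and decoded.isascii() and decoded.decode().isprintable()


def check_login_submission(url: str, body: str) -> list[str]:
    """Inspect one captured form POST (url + urlencoded body) and list findings."""
    findings = []
    scheme = urlsplit(url).scheme.lower()
    for name, values in parse_qs(body, keep_blank_values=True).items():
        if not CREDENTIAL_FIELDS.search(name):
            continue
        if scheme != "https":
            findings.append(f"{name}: credential sent over cleartext {scheme}")
        for value in values:
            if looks_base64(value):
                findings.append(f"{name}: value is base64-encoded, not encrypted")
    return findings


# Constructed sample captures, not real traffic.
SAMPLES = [
    ("http://app.example/login", "user=alice&password=c2VjcmV0MTIz"),
    ("https://app.example/login", "user=bob&pwd=hunter2"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        print(url, check_login_submission(url, body))
```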
