One of the features of the automated scan that would be very useful: 1. Ajax testing. Nothing to date does this. A 'learn' mode that would allow me to interact with the application, and then a 'fuzz' mode that would automatically attack parameters that the machine 'learns' during learn mode. The 'fuzz' mode could check for things like buffer overflows, unhandled conditions, random characters, etc.

For static applications, the 'automated' discovery could follow a set of 'paths' that I set by browsing the sites. I don't always want to test the ENTIRE website, but just the part that has changed. So, following my 'path', it could autotest links ONLY on the pages I specify.

Complete automated testing, of course, should be standard.

Finally, a SQL injection banger for looking at logins, and things that look for stupid things like not encrypting password fields before they are sent to the server, e.g. either base64 encoding or application-specific JavaScript that allows logins from forms.

Reporting-wise, export to .odf would be great, since from there I can go to HTML, PDF, etc. Something management-friendly with 'high, medium, low' assessments, which are, of course, customizable by me! We can use a 'scoring' system to decide if an application 'passes' or 'fails' by a point system. Helps to make things more quantifiable.

I will help as much as I can in testing, I LOVE Pantera!

Thomas J. Munn

-- 
-----------------------
Two Wheels Good, Four Wheels Bad
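As an added illustration of two of the checks requested above (not code from the original post or from the Pantera project): a small Python check that inspects constructed captured login requests, flags a password field sent over plaintext HTTP or merely base64-encoded, and rolls the findings into a high/medium/low point score with a pass/fail threshold. The request samples, field-name pattern, weights and threshold are all assumptions chosen for the example.

```python
import base64
import re
from urllib.parse import parse_qsl

# Constructed sample login submissions (not real captures): URL plus form body.
SAMPLE_REQUESTS = [
    {"url": "http://app.example/login", "body": "user=alice&password=hunter2"},
    {"url": "https://app.example/login", "body": "user=bob&pwd=aHVudGVyMg=="},
    {"url": "https://app.example/login", "body": "user=carol&password=hunter2"},
]

# Assumed set of field names that usually carry a credential.
PASSWORD_FIELD = re.compile(r"pass(word|wd)?|pwd|secret", re.IGNORECASE)

# Assumed severity weights and the point total at which an app 'fails'.
WEIGHTS = {"high": 10, "medium": 5, "low": 1}
FAIL_AT = 10


def looks_base64(value):
    """True if value is well-formed base64 that decodes to printable ASCII,
    i.e. an 'encoded' rather than encrypted credential."""
    if len(value) < 4 or len(value) % 4 != 0:
        return False
    try:
        decoded = base64.b64decode(value, validate=True)
    except ValueError:          # binascii.Error is a ValueError subclass
        return False
    return decoded.isascii() and decoded.decode().isprintable()


def check_login_request(req):
    """Return (severity, message) findings for one captured login request."""
    findings = []
    for name, value in parse_qsl(req["body"], keep_blank_values=True):
        if not PASSWORD_FIELD.fullmatch(name):
            continue
        if req["url"].lower().startswith("http://"):
            findings.append(("high", f"'{name}' sent over plaintext HTTP"))
        if looks_base64(value):
            findings.append(("medium", f"'{name}' is only base64-encoded"))
    return findings


def score(findings, fail_at=FAIL_AT):
    """Sum severity points and decide pass/fail against the threshold."""
    points = sum(WEIGHTS[sev] for sev, _ in findings)
    return points, ("fail" if points >= fail_at else "pass")


if __name__ == "__main__":
    for req in SAMPLE_REQUESTS:
        found = check_login_request(req)
        print(req["url"], found, score(found))
```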