[OWASP-Raleigh, NC] Two other free tools

Enders, Hans hans.enders at hp.com
Thu Jun 11 17:15:13 EDT 2009

And two free ones I forgot from my own neck of the woods.  Both are obviously teasers from HP ASC, but may be useful for some here.

1. Scrawlr - site crawler that identifies SQLi vulns, "scrawl-er", no auth features, no exploitation features, June 2008.

	https://download.spidynamics.com/Products/scrawlr/ - fill out form to retrieve the MSI file (or I can send it out to you).

	This was sent out en masse to the Microsoft IIS developer community last year as a helper tool for the SQLi attacks that were sweeping the Net.

2.  SWFScan - decompiles and scans SWF Flash files (v9 and earlier) for vulnerabilities , "swiff-scan", March 2009.

	* Download Page: http://www.hp.com/go/swfscan 
	* Initial FAQ - http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/hp-swfscan-faq.aspx?jumpid=reg_R1002_USEN
	* On-going user forum - http://www.communities.hp.com/securitysoftware/forums/612.aspx 
	* Supporting Adobe security article - http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html 

"Habeas data"

PS - apparently I should not have Replied to the previous posting, Cisco jumped in there somehow!

More information about the Owasp-raleigh mailing list