[OWASP-Raleigh, NC] Two other free appsec tools

Enders, Hans hans.enders at hp.com
Fri Jun 12 09:29:40 EDT 2009


And two free ones I forgot from my own neck of the woods.  Both are obviously teasers from HP ASC, but may be useful for some here.


1. Scrawlr - site crawler that identifies SQLi vulns, "scrawl-er", no auth features, no exploitation features, June 2008.

	https://download.spidynamics.com/Products/scrawlr/ - fill out form to retrieve the MSI file (or I can send it out to you).

	This was sent out en masse to the Microsoft IIS developer community last year as a helper tool for the SQLi attacks that were sweeping the Net.



2.  SWFScan - decompiles and scans SWF Flash files (v9 and earlier) for vulnerabilities , "swiff-scan", March 2009.

	* Download Page: http://www.hp.com/go/swfscan 
	* Initial FAQ - http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/hp-swfscan-faq.aspx?jumpid=reg_R1002_USEN
	* On-going user forum - http://www.communities.hp.com/securitysoftware/forums/612.aspx 
	* Supporting Adobe security article - http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html 




"Habeas data"

(Now that the Cisco registration is gone...)


More information about the Owasp-raleigh mailing list