[OWASP-Raleigh, NC] Two other free appsec tools
hans.enders at hp.com
Fri Jun 12 09:29:40 EDT 2009
And two free ones I forgot from my own neck of the woods. Both are obviously teasers from HP ASC, but may be useful for some here.
1. Scrawlr - site crawler that identifies SQLi vulns, "scrawl-er", no auth features, no exploitation features, June 2008.
https://download.spidynamics.com/Products/scrawlr/ - fill out form to retrieve the MSI file (or I can send it out to you).
This was sent out en masse to the Microsoft IIS developer community last year as a helper tool for the SQLi attacks that were sweeping the Net.
2. SWFScan - decompiles and scans SWF Flash files (v9 and earlier) for vulnerabilities , "swiff-scan", March 2009.
* Download Page: http://www.hp.com/go/swfscan
* Initial FAQ - http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/03/20/hp-swfscan-faq.aspx?jumpid=reg_R1002_USEN
* On-going user forum - http://www.communities.hp.com/securitysoftware/forums/612.aspx
* Supporting Adobe security article - http://www.adobe.com/devnet/flashplayer/articles/secure_swf_apps.html
(Now that the Cisco registration is gone...)
More information about the Owasp-raleigh