[Owasp-topten] A7 2013 - "Some proxies support this type of analysis"
ryandewhurst at gmail.com
Fri May 31 15:28:37 UTC 2013
Awesome, I wasn't aware of this feature in Burp!
On Fri, May 31, 2013 at 5:25 PM, Adam Baso <adam at comotheory.com> wrote:
> Off the top of my head, Burp Suite (
> http://portswigger.net/burp/help/target_sitemap_comparingmaps.html) and
> IBM AppScan Standard support this. Not sure off the top of my head about
> this feature being in ZAP.
> Of course efficacy of such access control analysis depends in part on
> I believe convention in the doc is to avoid listing commercial, non-OWASP
> On May 31, 2013 8:11 AM, "Ryan Dewhurst" <ryandewhurst at gmail.com> wrote:
>> On "Top 10 2013-A7-Missing Function Level Access Control" under the "Am I
>> Vulnerable To 'Missing Function Level Access Control'?" section it states
>> "Some proxies support this type of analysis.". -
>> Does anyone know which proxies support this kind of analysis? Burp, Zap,
>> I ask out of personal curiosity but not sure if it is also worth adding
>> which proxies to that text.