[Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

Ryan Dewhurst ryandewhurst at gmail.com
Fri May 31 15:28:37 UTC 2013


Awesome, I wasn't aware of this feature in Burp!

Thanks Adam


On Fri, May 31, 2013 at 5:25 PM, Adam Baso <adam at comotheory.com> wrote:

> Off the top of my head, Burp Suite (
> http://portswigger.net/burp/help/target_sitemap_comparingmaps.html) and
> IBM AppScan Standard support this. Not sure off the top of my head about
> this feature being in ZAP.
>
> Of course efficacy of such access control analysis depends in part on
> configuration.
>
> I believe convention in the doc is to avoid listing commercial, non-OWASP
> tools.
> On May 31, 2013 8:11 AM, "Ryan Dewhurst" <ryandewhurst at gmail.com> wrote:
>
>> Hi,
>>
>> On "Top 10 2013-A7-Missing Function Level Access Control" under the "Am I
>> Vulnerable To 'Missing Function Level Access Control'?" section it states
>> "Some proxies support this type of analysis.". -
>> https://www.owasp.org/index.php/Top_10_2013-A7
>>
>> Does anyone know which proxies support this kind of analysis? Burp, ZAP,
>> others?
>>
>> I ask out of personal curiosity, but I'm not sure if it is also worth adding
>> which proxies to that text.
>>
>> Thanks,
>> Ryan
>>
>> _______________________________________________
>> Owasp-topten mailing list
>> Owasp-topten at lists.owasp.org
>> https://lists.owasp.org/mailman/listinfo/owasp-topten
>>
>>