[Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

Ryan Dewhurst ryandewhurst at gmail.com
Fri May 31 18:25:33 UTC 2013


The feature is there in Burp but I'm not sure if it is working properly or
if I am doing something wrong. I've opened a bug report -
http://forum.portswigger.net/thread/658/compare-site-ignores-session-config


On Fri, May 31, 2013 at 8:20 PM, Dave Wichers <dave.wichers at owasp.org> wrote:

> I know that Burp Pro does. I’m not personally aware of any others that do.
> I’m hesitant to add a comment about Burp Pro to the Top 10 since it’s a
> commercial tool.
>
> If anyone knows of any others that do, commercial or otherwise, please let
> us know.
>
> -Dave
>
> *From:* owasp-topten-bounces at lists.owasp.org [mailto:
> owasp-topten-bounces at lists.owasp.org] *On Behalf Of* Ryan Dewhurst
> *Sent:* Friday, May 31, 2013 11:09 AM
> *To:* OWASP TopTen
> *Subject:* [Owasp-topten] A7 2013 - "Some proxies support this type of
> analysis"
>
> Hi,
>
> On "Top 10 2013-A7-Missing Function Level Access Control" under the "Am I
> Vulnerable To 'Missing Function Level Access Control'?" section it states
> "Some proxies support this type of analysis.". -
> https://www.owasp.org/index.php/Top_10_2013-A7
>
> Does anyone know which proxies support this kind of analysis? Burp, Zap,
> others?
>
> I ask out of personal curiosity but not sure if it is also worth adding
> which proxies to that text.
>
> Thanks,
>
> Ryan