[Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

Dave Wichers dave.wichers at owasp.org
Fri May 31 18:26:38 UTC 2013


Jeff Williams said he used the feature in Burp Pro to good effect in a pen
test late last year. I personally have never used the feature.

-Dave

From: Ryan Dewhurst [mailto:ryandewhurst at gmail.com]
Sent: Friday, May 31, 2013 2:26 PM
To: Dave Wichers
Cc: OWASP TopTen
Subject: Re: [Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

The feature is there in Burp but I'm not sure if it is working properly or
if I am doing something wrong. I've opened a bug report -
http://forum.portswigger.net/thread/658/compare-site-ignores-session-config

On Fri, May 31, 2013 at 8:20 PM, Dave Wichers <dave.wichers at owasp.org> wrote:

I know that Burp Pro does. I'm not personally aware of any others that do.
I'm hesitant to add a comment about Burp Pro to the Top 10 since it's a
commercial tool.

If anyone knows of any others that do, commercial or otherwise, please let
us know.

-Dave

From: owasp-topten-bounces at lists.owasp.org
[mailto:owasp-topten-bounces at lists.owasp.org] On Behalf Of Ryan Dewhurst
Sent: Friday, May 31, 2013 11:09 AM
To: OWASP TopTen
Subject: [Owasp-topten] A7 2013 - "Some proxies support this type of analysis"

Hi,

On "Top 10 2013-A7-Missing Function Level Access Control", under the "Am I
Vulnerable To 'Missing Function Level Access Control'?" section, it states
"Some proxies support this type of analysis." -
https://www.owasp.org/index.php/Top_10_2013-A7

Does anyone know which proxies support this kind of analysis? Burp, Zap,
others?

I ask out of personal curiosity, but I'm not sure if it is also worth adding
which proxies to that text.

Thanks,

Ryan
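The analysis the thread is asking about (compare the site map reached by a privileged user with the one reached by a low-privilege user, then replay the privileged-only URLs as the low-privilege user) can be done by hand when a proxy does not support it. The following is an added example written for this page; it is not code from the mailing-list thread, from OWASP, or from Burp, ZAP or any other proxy. The URLs, the session cookie values and the in-memory "application" with one deliberately unenforced admin function are all constructed for the demonstration; `http_fetch` is included so the same comparison can be pointed at a real target but is not used by the demo.

```python
# Added example: manual "compare site maps across roles" check for OWASP Top 10
# 2013 A7 (Missing Function Level Access Control). Not the thread's or any
# proxy vendor's code. All URLs, cookies and the fake application are constructed.
from dataclasses import dataclass
from difflib import SequenceMatcher
from typing import Callable, Dict, Iterable, Tuple
import urllib.error
import urllib.request


@dataclass(frozen=True)
class Response:
    status: int
    body: str
    location: str = ""  # Location header; only meaningful for 3xx responses


Fetch = Callable[[str, Dict[str, str]], Response]


def classify(privileged: Response, low_priv: Response, threshold: float = 0.9) -> str:
    """Verdict for one URL given the privileged and the low-privilege replay."""
    if low_priv.status in (401, 403):
        return "enforced"
    if 300 <= low_priv.status < 400 and "login" in low_priv.location.lower():
        return "enforced"  # bounced to the login page
    if low_priv.status == 200:
        # Near-identical content means the function works without the privilege
        # the site map implied it needed: the A7 condition.
        ratio = SequenceMatcher(None, privileged.body, low_priv.body).ratio()
        return "MISSING_ACCESS_CONTROL" if ratio >= threshold else "differs"
    return "other"


def compare_site_maps(privileged_urls: Iterable[str], low_priv_urls: Iterable[str],
                      fetch: Fetch, privileged_cookies: Dict[str, str],
                      low_priv_cookies: Dict[str, str]) -> Dict[str, Tuple[str, int]]:
    """Replay the privileged-only part of the site map as the low-privilege user.

    Returns {url: (verdict, status seen by the low-privilege user)}. URLs that both
    crawls reached are skipped: they are shared functionality, not A7 candidates.
    """
    findings: Dict[str, Tuple[str, int]] = {}
    for url in sorted(set(privileged_urls) - set(low_priv_urls)):
        privileged = fetch(url, privileged_cookies)
        if privileged.status != 200:
            continue  # not a working function even for the privileged role
        # The replay must carry ONLY the low-privilege session, never a shared jar.
        low_priv = fetch(url, low_priv_cookies)
        findings[url] = (classify(privileged, low_priv), low_priv.status)
    return findings


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as HTTPError so a redirect-to-login is seen, not followed."""
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def http_fetch(url: str, cookies: Dict[str, str]) -> Response:
    """Fetch from a real target, sending exactly the supplied cookies."""
    cookie_header = "; ".join(f"{k}={v}" for k, v in cookies.items())
    req = urllib.request.Request(url, headers={"Cookie": cookie_header})
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=10) as resp:
            return Response(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        body = err.read().decode("utf-8", "replace")
        return Response(err.code, body, err.headers.get("Location", ""))


# --- constructed target: in-memory app with one A7 flaw, used instead of a network ---
ADMIN_COOKIES = {"session": "sess-admin"}  # hypothetical session values
USER_COOKIES = {"session": "sess-user"}
_ROLES = {"sess-admin": "admin", "sess-user": "user"}


def fake_app(url: str, cookies: Dict[str, str]) -> Response:
    role = _ROLES.get(cookies.get("session", ""))
    if role is None:
        return Response(302, "", "/login")
    if url == "/account":
        return Response(200, f"<h1>Account</h1><p>role={role}</p>")
    if url == "/admin/users":  # enforced server-side by status
        if role != "admin":
            return Response(403, "Forbidden")
        return Response(200, "<table><tr><td>alice</td><td>bob</td></tr></table>")
    if url == "/admin/export":  # enforced, but only visible in the body
        if role != "admin":
            return Response(200, "Export is not available for your role.")
        return Response(200, '<a href="/export.csv">Download all customer records</a>')
    if url == "/admin/appinfo":  # the flaw: hidden from the UI, never checked
        return Response(200, "<h1>App info</h1><pre>debug=true\ndb=prod-db-01</pre>")
    return Response(404, "Not found")


def run_demo() -> Dict[str, Tuple[str, int]]:
    privileged_map = ["/account", "/admin/users", "/admin/export", "/admin/appinfo"]
    low_priv_map = ["/account"]  # what the low-privilege crawl found on its own
    return compare_site_maps(privileged_map, low_priv_map, fake_app,
                             ADMIN_COOKIES, USER_COOKIES)


if __name__ == "__main__":
    for url, (verdict, status) in run_demo().items():
        print(f"{url:18} {status} {verdict}")
```

Two points a practitioner should keep in mind. First, the second replay has to be made with the low-privilege session and nothing else; a comparison that silently reuses the privileged session's cookies (the kind of behaviour the bug report above describes) reports every function as reachable and proves nothing. Second, the content comparison is a heuristic: "differs" only means the two responses were not alike, so a 200 that still exposes part of the admin function needs a manual look rather than being dismissed.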