
List:       owasp-dotnet
Subject:    [Owasp-dotnet] RE: Owasp-dotnet digest, Vol 1 #221 - 6 msgs
From:       "Eoin Keary" <eoinkeary () hotmail ! com>
Date:       2005-09-13 9:35:49
Message-ID: BAY18-F27D4831B422C070277E334A69C0 () phx ! gbl

Regarding Dan's comment on 200 responses, an app I am testing does this:
HTTP 200 for everything.
I used WebInspect and every test was positive.
If an application has a dynamic URL: each time a link is selected a new
event ID is generated, which is unique and part of the GET request; then,
after the crawling phase, when WebInspect does the test, all the URLs are
invalid as they have invalid web event IDs. No tool can get around this
problem.
Eoin
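As an added example (not part of Eoin's message or of any scanner it mentions), here is the baseline check a tester can run before trusting results from a target that answers 200 to everything: probe a few random paths that cannot exist, and count a 200 as a finding only when its body differs from that catch-all page. The same comparison flags the generic page that expired event-ID URLs land on. The two simulated servers, their pages and the `fetch` transport signature are all constructed for this example.

```python
import difflib
import secrets
from typing import Callable, Dict, Iterable, Optional, Tuple

Response = Tuple[int, str]          # (HTTP status code, response body)
Fetch = Callable[[str], Response]   # hypothetical transport: request path -> Response


def similarity(a: str, b: str) -> float:
    """Similarity of two response bodies in [0, 1]; 1.0 means identical."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def catch_all_baseline(fetch: Fetch, probes: int = 3,
                       threshold: float = 0.9) -> Optional[str]:
    """Detect a server that answers 200 OK for everything.

    Requests random paths that cannot exist. If each comes back 200 with
    near-identical bodies, that body is the catch-all page and is returned as
    the baseline; otherwise (a non-200, or differing bodies) returns None.
    """
    bodies = []
    for _ in range(probes):
        status, body = fetch("/" + secrets.token_hex(8))
        if status != 200:
            return None
        bodies.append(body)
    if any(similarity(bodies[0], b) < threshold for b in bodies[1:]):
        return None
    return bodies[0]


def is_real_finding(fetch: Fetch, path: str, baseline: Optional[str],
                    threshold: float = 0.9) -> bool:
    """A 200 for `path` counts only if its body differs from the catch-all page.

    On a catch-all server, a 'positive' that looks like the baseline is just the
    generic page (the one an expired event id lands on too), not evidence that
    `path` exists or that a test request had any effect.
    """
    status, body = fetch(path)
    if status != 200:
        return False
    if baseline is None:
        return True
    return similarity(body, baseline) < threshold


def triage(fetch: Fetch, candidate_paths: Iterable[str]) -> Dict[str, bool]:
    """Classify scanner 'positives' against the detected baseline."""
    baseline = catch_all_baseline(fetch)
    return {p: is_real_finding(fetch, p, baseline) for p in candidate_paths}


# Constructed sample application (not a real site): two real pages, and a
# catch-all page returned with status 200 for any other path, including
# links whose per-click event id has expired.
REAL_PAGES = {
    "/": "<html><body><h1>Welcome</h1>"
         "<a href='/account?eventid=1'>Account</a></body></html>",
    "/account?eventid=1": "<html><body><h1>Account</h1>"
                          "<p>Balance: 42</p></body></html>",
}
CATCH_ALL = ("<html><body><h1>Unknown action</h1>"
             "<p>Please start again from the home page.</p></body></html>")


def catch_all_fetch(path: str) -> Response:
    """Server that answers 200 to everything (the behaviour described above)."""
    return 200, REAL_PAGES.get(path, CATCH_ALL)


def strict_fetch(path: str) -> Response:
    """Server that answers 404 to unknown paths, for comparison."""
    if path in REAL_PAGES:
        return 200, REAL_PAGES[path]
    return 404, "<html><body><h1>Not found</h1></body></html>"


if __name__ == "__main__":
    candidates = ["/", "/account?eventid=1", "/account?eventid=999", "/admin/"]
    for name, fetch in (("catch-all server", catch_all_fetch),
                        ("strict server", strict_fetch)):
        print(name, triage(fetch, candidates))
```

On the catch-all server only the two real pages survive triage; the expired event id and the guessed `/admin/` path both collapse onto the baseline page and are dropped.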





> From: owasp-dotnet-request@lists.sourceforge.net
> Reply-To: owasp-dotnet@lists.sourceforge.net
> To: owasp-dotnet@lists.sourceforge.net
> Subject: Owasp-dotnet digest, Vol 1 #221 - 6 msgs
> Date: Mon, 12 Sep 2005 14:06:26 -0700
> 
> Send Owasp-dotnet mailing list submissions to
> 	owasp-dotnet@lists.sourceforge.net
> 
> To subscribe or unsubscribe via the World Wide Web, visit
> 	https://lists.sourceforge.net/lists/listinfo/owasp-dotnet
> or, via email, send a message with subject or body 'help' to
> 	owasp-dotnet-request@lists.sourceforge.net
> 
> You can reach the person managing the list at
> 	owasp-dotnet-admin@lists.sourceforge.net
> 
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Owasp-dotnet digest..."
> 
> 
> Today's Topics:
> 
> 1. About The ViewState Decoder Plugin For Fiddler
> (kerem.kusmezer@owasp.org)
> 2. Re: About The ViewState Decoder Plugin For Fiddler (Phillip Haydon)
> 3. Re: [Dailydave] Re:  Hacking: As American as Apple Cider (Gadi
> Evron)
> 4. [Fwd: SPI Dynamics Wins Secure Enterprise Testers Choice] (Dinis
> Cruz)
> 5. DeveloperDeveloperDeveloper Day 2 (Dinis Cruz)
> 6. Re: [Fwd: SPI Dynamics Wins Secure Enterprise Testers Choice]
> (Daniel Cuthbert)
> 
> --__--__--
> 
> Message: 1
> Date: Mon, 12 Sep 2005 02:05:56 -0400 (EDT)
> From: kerem.kusmezer@owasp.org
> To: owasp-dotnet@lists.sourceforge.net
> Subject: [Owasp-dotnet] About The ViewState Decoder Plugin For Fiddler
> 
> I have developed a custom plugin for Fiddler, which enables you to decode
> the viewstate on the fly.
> You can download the latest version with the source code from
> http://www.yazilimguvenligi.com/ViewStateplug.zip.
> Any comments and improvement ideas are welcome.
> 
> P.S.: I have also developed a COM-compatible version of this, which
> enables you to call the decoder from any COM-compatible platform with
> .NET 1.1 installed.
> Also I have developed a JNDI interface for this which enables you to call
> it directly from Java, just passing the ViewState text into it.
> I am now uploading the COM-compatible version to the server.
> 
> Sincerely Yours
> Izzet Kerem Kusmezer
> 
> 
> --__--__--
> 
> Message: 2
> To: Owasp-dotnet@lists.sourceforge.net
> Subject: Re: [Owasp-dotnet] About The ViewState Decoder Plugin For Fiddler
> Date: Mon, 12 Sep 2005 19:24:33 +1200
> From: "Phillip Haydon" <naturalcause@orcon.net.nz>
> 
> No offence, but why re-invent the wheel? There are already plenty of good
> viewstate decoders for each .net framework...
> 
> Phill
> 
> On Mon, 12 Sep 2005 18:05:56 +1200, <kerem.kusmezer@owasp.org> wrote:
> 
> > I have developed a custom plugin for Fiddler, which enables you to
> decode
> > the viewstate on the fly.
> > You can download the latest version with the source code from
> > http://www.yazilimguvenligi.com/ViewStateplug.zip.
> > Any comments and improvement ideas are welcome.
> > 
> > P.S.: I have also developed a COM-compatible version of this, which
> > enables you to call the decoder from any COM-compatible platform with
> > .NET 1.1 installed.
> > Also I have developed a JNDI interface for this which enables you to
> > call it directly from Java, just passing the ViewState text into it.
> > I am now uploading the COM-compatible version to the server.
> > 
> > Sincerely Yours
> > Izzet Kerem Kusmezer
> > 
> > 
> 
> 
> --__--__--
> 
> Message: 3
> Date: Mon, 12 Sep 2005 07:01:20 +0200
> From: Gadi Evron <ge@linuxbox.org>
> To: Dinis Cruz <dinis@ddplus.net>
> CC: dailydave@lists.immunitysec.com, owasp-dotnet@lists.sourceforge.net,
> owasp-leaders@lists.sourceforge.net, "Marcus J. Ranum"
> <mjr@ranum.com>,
> Kyle.Quest@networkengines.com
> Subject: [Owasp-dotnet] Re: [Dailydave] Re:  Hacking: As American as Apple
> Cider
> 
> > 4) "Hacking is Cool"
> > 
> > This section is the only one that I don't really agree with Marcus, and
> > I think the reason is because I have a different definition of Hacking.
> > 
> > For me Hacking is a combination of: learning, research, solving puzzles,
> > perseverance, doing what is perceived to be impossible, advancing the
> > understanding of a particular problem, pushing the boundaries, thinking
> > outside of the box, being creative, reverse engineering a system, etc....
> > 
> > ... in a single word Hacking = Creating (as in Inventing).
> > 
> > Hacking for me is also what most Artists, Scientists and Engineers do.
> > This (I believe) is the original definition of hacking before it got
> > hijacked by the Media who define Hacking as criminal activity.
> 
> Has anyone ever hacked real life?
> 
> You know what I'm talking about and it is not social engineering nor
> reversing. Someone should collect some of these cool funny stories or
> "pranks" that always seem to be around us, put them in a book, and release.
> 
> 	Gadi.
> 
> --
> Available for consulting:
> +972-50-5428610 / ge@linuxbox.org.
> 
> 
> --__--__--
> 
> Message: 4
> Date: Mon, 12 Sep 2005 21:44:49 +0100
> From: Dinis Cruz <dinis@ddplus.net>
> To:  owasp-dotnet@lists.sourceforge.net
> Subject: [Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure Enterprise Testers
> Choice]
> 
> Any comments?
> 
> From: SPI Dynamics <news@spidynamics.com>
> Date: Mon, 12 Sep 2005 15:30:48 -0400 (EDT)
> Subject: SPI Dynamics Wins Secure Enterprise Testers Choice
> 
> Secure Enterprise Magazine chose SPI Dynamics WebInspect 5.5 as the Testers
> Choice product in a recent Web Application vulnerability scanner product
> review. Read the entire Secure Enterprise review at:
> http://www.spidynamics.com/assets/documents/SecureEnterprise_WI5.5_review.pdf
> 
> To test your Web Application, download our complimentary 15-day product
> trial that delivers a comprehensive vulnerability report.
> 
> WebInspect Enterprise Edition 5.5. delivers a complete enterprise solution
> for addressing security throughout the application lifecycle.
> 
> --__--__--
> 
> Message: 5
> Date: Mon, 12 Sep 2005 21:55:33 +0100
> From: Dinis Cruz <dinis@ddplus.net>
> To:  owasp-dotnet@lists.sourceforge.net,
> owasp-london@lists.sourceforge.net
> Subject: [Owasp-dotnet] DeveloperDeveloperDeveloper Day 2
> 
> 
> I'm doing the following presentation at the next DDD conference
> (http://www.developerday.co.uk/ddd/default.asp) in Reading (UK):
> 
> *"Attacking Web and Windows Applications*
> In this session multiple attack vectors will be shown covering a wide
> variety of vulnerabilities and exploits: SQL Injection (basic and
> advanced), XSS (session hijacking and remote command execution),
> Elevation of Privilege, Web Services exploitation, AJAX exploitation,
> Rootkits (user and kernel level), attacking fat clients by hooking into
> Windows functions (and patching applications in real time), dynamically
> manipulating .NET client applications, exploiting buffer overflows,
> exploiting IE vulnerabilities, exploiting Full Trust ASP.NET, attacking
> IIS, and using Metasploit to automate attacks (and exploit generation)."
> 
> If you are going to attend, you can vote for the ones you want to see
> here:  http://www.developerday.co.uk/ddd/votesessions.asp
> 
> Thanks
> 
> Dinis
> 
> --__--__--
> 
> Message: 6
> From: Daniel Cuthbert <daniel.cuthbert@owasp.org>
> Subject: Re: [Owasp-dotnet] [Fwd: SPI Dynamics Wins Secure Enterprise
> Testers Choice]
> Date: Mon, 12 Sep 2005 22:03:24 +0100
> To: owasp-dotnet@lists.sourceforge.net
> 
> 
> Loads
> 
> The reason it works is that it has loads of shiny buttons and the
> marketing department claims it to be the best.
> They only let you test it on their vulnerable web site, but anyone
> with a small sense can guess it's been designed to "find" all those holes.
> 
> Easy tip for anyone wanting to totally stuff the automated scanners:
> make Apache/IIS return 200 OKs for EVERY request. This will make it
> light up like a Christmas tree for vulnerabilities found.
> 
> 
> On 12 Sep 2005, at 21:44, Dinis Cruz wrote:
> 
> > Any comments?
> > 
> > From: SPI Dynamics <news@spidynamics.com>
> > Date: 12 September 2005 20:30:48 BDT
> > To: dinis@ddplus.net
> > Subject: SPI Dynamics Wins Secure Enterprise Testers Choice
> > Reply-To: news@spidynamics.com
> 
> --__--__--
> 
> _______________________________________________
> Owasp-dotnet mailing list
> Owasp-dotnet@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/owasp-dotnet
> 
> 
> End of Owasp-dotnet Digest


