Re: [mod-security-users] web app discovery
From: kiran k <kir...@ya...> - 2006-05-25 20:43:51
Ok, with positive security there are no rules and it is based on usage pattern, anomalies would be flagged? How do you determine this behavioural model? It is counter-intuitive to acquire a scanning tool to write the policies. How do you write positive security using the rules you mentioned manually? Can you show examples in the downloads?

-Kiran

Ivan Ristic <iva...@gm...> wrote:

On 5/21/06, kiran k wrote:
>
> Are there any tools which discover a web application from an input URL?
>
> I am looking for a tool which crawls recursively and finds the forms, form
> fields, server scripts, cookies and hidden fields. Based on this information
> I would like to develop policies. If I have this data in xml it would be
> even better.
>
> Any quick starting point would be greatly appreciated, if no tools exist.
> How about any commercial libraries?

Your best bet might be the commercial tools (web application vulnerability scanners). But, IMHO, none of the tools I have seen are smart enough to work in a general case. For example, if the web site uses JavaScript or Flash for navigation the tool is not going to help you much.

--
Ivan Ristic, Technical Director
Thinking Stone, http://www.thinkingstone.com
ModSecurity: Open source Web Application Firewall