April 16th, 2014

OWASP Pantera Web Assessment Project

This looks like a promising new project for doing web app assessments. I haven’t tried it yet, but it sounds like they’ve been working on it for a while. It’s based on SPIKE proxy, which means that they at least started off from a good place :). What I’d really like to see implemented is some infrastructure for dealing with the difficulties that arise from using and assessing AJAX. I haven’t seen these addressed well in even the commercial scanners that I’ve tested. There was a very good talk at Toorcon, Breaking AJAX Web Applications: Vulns 2.0 in Web 2.0, which covered lots of problems with some of the common AJAX frameworks, and also showed that not all of them are easy to fix (or assess).

P.S. Speaking of new tools, Nessus released 3.0.4 today.

One Response to 'OWASP Pantera Web Assessment Project'

  1. Midnight Research Labs – OWASP Sprajax
    October 31st, 2006 at 1:16 am

    [...] Just shortly after I had complained about AJAX assessment tools, I found that OWASP has also started a new project called Sprajax which aims to “assess the security of AJAX-enabled applications“. Despite having formed only less than a month ago, they already have a download available. One cool thing that I see is that they actually try to determine which framework the site is using in order to tune the tests accordingly. Now if they’d only port away from the .net framework so I wouldn’t have to use VMware just to test it out (users are never happy, . [...]
