[Dailydave] Coverage and a recent paper by L. Suto
Dave Aitel
dave at immunityinc.com
Mon Oct 15 13:04:10 EDT 2007
http://ha.ckers.org/files/CoverageOfWebAppScanners.pdf

He compared NTOSpider/Appscan/Webinspect - and NTOSpider "won".

Without the full vulnerability reports and the VMs of the vulnerable
apps, I'm not going to dwell on the comparison of tools, except to say
it's interesting, but I will say that all this focus on "code
coverage" is a bit strange. Vulnerabilities, like fish, tend to
cluster in particular places. Having 10% code coverage is perfectly ok
if it's the code that has the bugs. And you can't see race conditions
with code coverage tools.

Also, most of the value of instrumentation is that when built into
your attack tool you get a real-time human-usable view into the guts
of the application. This is why I don't think byte-code
instrumentation has huge advantages over just hooking Win32 APIs. But
I don't have a byte-code parser yet either. :>

Speaking of race conditions, I'm happy to announce that Immunity has
+= Paul Starzetz (http://marc.info/?a=107032640300001&r=1&w=2).
-dave