[Openvas-devel] OpenVAS and Web App Security

Christian Eric Edjenguele christian.edjenguele at owasp.org
Tue Oct 20 11:23:52 CEST 2009


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi Christian,
a web application scanner feature for OpenVAS is a really great idea,
currently I'm working on a SQL injection tool
http://opensqling.sourceforge.net/ it is Embeddable an plugins-based,
this means it can also be used for XSS and other vulnerabilities. I have
not released the source code yet, but I can share the engine.

Regards.

Christian Kuersteiner wrote:
> Hi,
> 
> I was talking with Jan about the plan to further integrate web 
> application security scans into OpenVAS. I would be interested to help 
> out there (and of course in other areas).
> 
> Could you guys elaborate on this plan? I guess the goal wouldn't be a 
> fully specialized web app security suite like WebInspect or Acunetix. On 
> the other side some basic scans are already supported with the 
> integration of nikto. So I am very keen to know what ideas you have in 
> mind, where to start it and where it should lead.
> 
> On another note I saw in the Devconf minutes that one step is to support 
> virtual hosts scanning. If someone could give me some pointers to start 
> with or maybe is already working on it? If some of this discussion 
> should be rather in the plugins list feel free to move it there since I 
> was unsure if the most changes would be in the code base or rather in 
> the plugins itself.
> 
> Thanks and best Regards,
> 
> Christian
> _______________________________________________
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel


- --
Christian Eric Edjenguele
IT Security Engineer
PGP KeyID: 0xB1654498

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQEcBAEBAgAGBQJK3YGgAAoJENETScWxZUSYbdAH/1bJjFvqJRNDsyYen+d41IZQ
O8NewvCyPmVD/TFQA4VxO4bznlVJcQrvDc3hugIybAUdDYm5zeQ6xw24UIA/oTB6
xLvKKb7QY8s4ikVf96HaqF0CLX/VchP94UQDYTa/fbhoPwxDjb6C/ztHpnATUMMh
UDOoIxMJ+dDwOhaYXMtiYhwIb6c72OCikfKO/heV5f3so06ZVRGj2DWcCdD4YmI1
1ysLu4ukTPct/lzpTGwqnjyAfkEvyAzRxA1rXz6vhNTkh0j0f8Scz/m7IbceJwXf
xzHayRJEbySVVf7ANdtbdWsZciZR0L9OTHQkncyb68SMRzwdoa19doK3KbjM1Sk=
=UUG2
-----END PGP SIGNATURE-----


More information about the Openvas-devel mailing list