[Openvas-devel] OpenVAS and Web App Security

Christian Eric Edjenguele christian.edjenguele at owasp.org
Tue Oct 20 11:23:52 CEST 2009

Hash: SHA1

Hi Christian,
a web application scanner feature for OpenVAS is a really great idea,
currently I'm working on a SQL injection tool
http://opensqling.sourceforge.net/ it is Embeddable an plugins-based,
this means it can also be used for XSS and other vulnerabilities. I have
not released the source code yet, but I can share the engine.


Christian Kuersteiner wrote:
> Hi,
> I was talking with Jan about the plan to further integrate web 
> application security scans into OpenVAS. I would be interested to help 
> out there (and of course in other areas).
> Could you guys elaborate on this plan? I guess the goal wouldn't be a 
> fully specialized web app security suite like WebInspect or Acunetix. On 
> the other side some basic scans are already supported with the 
> integration of nikto. So I am very keen to know what ideas you have in 
> mind, where to start it and where it should lead.
> On another note I saw in the Devconf minutes that one step is to support 
> virtual hosts scanning. If someone could give me some pointers to start 
> with or maybe is already working on it? If some of this discussion 
> should be rather in the plugins list feel free to move it there since I 
> was unsure if the most changes would be in the code base or rather in 
> the plugins itself.
> Thanks and best Regards,
> Christian
> _______________________________________________
> Openvas-devel mailing list
> Openvas-devel at wald.intevation.org
> http://lists.wald.intevation.org/mailman/listinfo/openvas-devel

- --
Christian Eric Edjenguele
IT Security Engineer
PGP KeyID: 0xB1654498

Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/


More information about the Openvas-devel mailing list