Comments on: ASP Auditor v2 BETA http://michaeldaw.org/projects/asp-auditor-v2 Weekly humour Thu, 07 May 2009 20:09:50 +0000 http://wordpress.org/?v= hourly 1 By: Web Application Security Fuzzing Tools | Whatsup http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-49548 Web Application Security Fuzzing Tools | Whatsup Thu, 17 Jan 2008 23:56:06 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-49548 [...] 1. SPIKE Proxy 2. WebScarab 3. Burp Intruder 4. Wapiti 5. RFuzz The Web Destroyer 6. OWASP WSFuzzer 7. SPI Fuzzer 8. Suru Web Proxy 9. AppScan 10. ASP Auditor [...] [...] 1. SPIKE Proxy 2. WebScarab 3. Burp Intruder 4. Wapiti 5. RFuzz The Web Destroyer 6. OWASP WSFuzzer 7. SPI Fuzzer 8. Suru Web Proxy 9. AppScan 10. ASP Auditor [...]

]]> By: 2007 Security Testing tools in review | tssci security http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-49364 2007 Security Testing tools in review | tssci security Sat, 24 Nov 2007 17:46:11 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-49364 [...] Java, there is Milk (based on Orizon), LAPSE, and SWAAT (only JSP). ASP classic and ASP.NET have ASP Auditor, SWAAT, and DN_BOFinder. Javascript has JSLint. There are also static code analysis tools [...] [...] Java, there is Milk (based on Orizon), LAPSE, and SWAAT (only JSP). ASP classic and ASP.NET have ASP Auditor, SWAAT, and DN_BOFinder. Javascript has JSLint. There are also static code analysis tools [...]

]]> By: My favorite 10 Web Application Security Fuzzing Tools | Dragos Lungu Dot Com http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-28529 My favorite 10 Web Application Security Fuzzing Tools | Dragos Lungu Dot Com Sat, 12 May 2007 17:22:34 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-28529 [...] ASP Auditor The purpose of this tool is to look for common misconfiguration and information leaks in ASP.NET [...] [...] ASP Auditor The purpose of this tool is to look for common misconfiguration and information leaks in ASP.NET [...]

]]> By: Operation n » Bypassing ASP.NET XSS Filters http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-19641 Operation n » Bypassing ASP.NET XSS Filters Tue, 10 Apr 2007 08:53:45 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-19641 [...] ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly. [...] [...] ASP Auditor (with a little mod) could be used to test if your web server(s) are vulnerable. Let me know if your interested. I hope to add this check to the tool shortly. [...]

]]> By: david.kierznowski http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-32 david.kierznowski Fri, 15 Sep 2006 11:05:51 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-32 Yeh, quite obvious bug. Yes that is what it should have said. You can see my eyes were getting droopy at this point :) Yeh, quite obvious bug. Yes that is what it should have said. You can see my eyes were getting droopy at this point :)

]]> By: anon http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-31 anon Fri, 15 Sep 2006 10:48:46 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-31 Hi there, I was playing with the tool and thought isn't the code below better to check if ASP.NET Validate is enabled or not. #my $fake_asp = "FAQ$$.aspx<script>FAQ$$</script>"; my $fake_asp = "<script>FAQ$$</script>"; #if ($fake_uri =~ m/(.*)\//) { $fake_uri = $1 } #$fake_uri .= "/$fake_asp"; $fake_uri .= "?$fake_asp"; Hi there,
I was playing with the tool and thought isn’t the code below better to check if ASP.NET Validate is enabled or not.

#my $fake_asp = “FAQ$$.aspx<script>FAQ$$</script>”;
my $fake_asp = “<script>FAQ$$</script>”;

#if ($fake_uri =~ m/(.*)\//) { $fake_uri = $1 }

#$fake_uri .= “/$fake_asp”;
$fake_uri .= “?$fake_asp”;

]]> By: david.kierznowski http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-28 david.kierznowski Fri, 15 Sep 2006 09:00:08 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-28 The problem has been resolved. You should be able to download it now via the link above. The problem has been resolved. You should be able to download it now via the link above.

]]> By: david.kierznowski http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-27 david.kierznowski Fri, 15 Sep 2006 07:27:52 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-27 A bit of a bug me thinks.. I have modified the href to /projects/ as a temp. fix. Thanks for reporting it. A bit of a bug me thinks.. I have modified the href to /projects/ as a temp. fix. Thanks for reporting it.

]]> By: Guest http://michaeldaw.org/projects/asp-auditor-v2/comment-page-1#comment-26 Guest Fri, 15 Sep 2006 07:01:46 +0000 http://michaeldaw.org/projects/asp-auditor-v2/#comment-26 Hi, unfortunately your download link is broken :( Greets Hi,
unfortunately your download link is broken :(
Greets

]]>