🦅 Simo What are you working on right now?
🗿 Ali My own web application security testing framework.
2y, 29w 11 replies
🦅 Simo anything public on it yet?
2y, 29w 5 replies
🗿 Ali Not yet. I worked on a scanner project for 3 years and discovered some common issues in web application security scanners. All of them have the same problems by design. Based on my research and ideas, I started to make the framework ;)
2y, 29w 4 replies
🦅 Simo if it's not a huge secret, what's the common problem with the scanners? Out of interest since I also do work in the cybersecurity product domain, but on the detection side.
2y, 29w 3 replies
🗿 Ali 1. A global predefined and fixed config for anything, e.g. a global parameter variation limit, for example the max being 50 for "p=1234" and "p=settings.php". 2. Missing differential analysis on captured pages and results. 3. Missing ML feature-based analysis. 4. They think of all paths as file/dir, and not as file/dir and function/mounted route. Tell me about your work.
2y, 29w 2 replies
🦅 Simo Interesting, although I know too little of the scanner space to comment anything intelligent. I run a company with a network detection product using the deception method (i.e. fancy honeypots), you can check some specs out at avesnetsec.com
2y, 29w 1 reply
🗿 Ali Interesting. I have no knowledge of this domain.
2y, 29w reply