🦅 Simo What are you working on right now?
🗿 Ali My own web application security testing framework.
🦅 Simo anything public on it yet?
🗿 Ali Not yet. I worked on a scanner project for 3 years and discovered some common issues in web application security scanners. All of them have same problems by design. Based on my researches and ideas I started to make the framework ;)
🦅 Simo if it's not a huge secret, what's the common problem with the scanners? Out of interest since I also do work in the cybersecurity product domain, but on the detection side.
Login or request your account to reply
🗿 Ali 1. A global predefined and fixed config for any thing. e.g. global parameter variation limit. for example max to be 50 for "p=1234" and "p=settings.php" 2. Missing differential analysis on captured pages and results. 3. Missing ML feature-based analysis. 4. They think all of paths as file/dir and not file/dir and function/mounted route. Tell about your works.
🦅 Simo Interesting, although I know too little of the scanner space to comment anything intelligent. I run a company with a network detection product using the deception method (i.e. fancy honeypots), you can check some specs out at avesnetsec.com