Comments on: We Need Better Web Tools http://www.gnucitizen.org/blog/we-need-better-web-tools/ Information Security Think Tank Sat, 02 Feb 2013 17:50:40 +0000 hourly 1 http://wordpress.org/?v=3.4.1 By: Automated security testing and its limitations | Mike Andrews http://www.gnucitizen.org/blog/we-need-better-web-tools/comment-page-1/#comment-124458 Automated security testing and its limitations | Mike Andrews Mon, 24 Nov 2008 15:23:32 +0000 https://www.gnucitizen.org/?p=1854#comment-124458 [...] testing tools, especially in the web world, are not at the level where they can be used to find even most of the issues in an application.  Myself and others [...] [...] testing tools, especially in the web world, are not at the level where they can be used to find even most of the issues in an application.  Myself and others [...]

]]> By: pdp http://www.gnucitizen.org/blog/we-need-better-web-tools/comment-page-1/#comment-124446 pdp Mon, 24 Nov 2008 10:10:55 +0000 https://www.gnucitizen.org/?p=1854#comment-124446 romain, actually what I was trying to refer to is the shift of tool building practices in the web application security field. IMO, most web app security tools vendors throw resources in the wrong direction. romain, actually what I was trying to refer to is the shift of tool building practices in the web application security field. IMO, most web app security tools vendors throw resources in the wrong direction.

]]> By: romain http://www.gnucitizen.org/blog/we-need-better-web-tools/comment-page-1/#comment-124420 romain Sat, 22 Nov 2008 00:30:06 +0000 https://www.gnucitizen.org/?p=1854#comment-124420 As you said, a tool is only for "helping". There is no way we find a tool that does our work. But for sure some current tools are helping us (what would we all do without Tamper Data, Firebug...) As you said, a tool is only for “helping”. There is no way we find a tool that does our work. But for sure some current tools are helping us (what would we all do without Tamper Data, Firebug…)

]]> By: Adrian 'pagvac' Pastor http://www.gnucitizen.org/blog/we-need-better-web-tools/comment-page-1/#comment-124418 Adrian 'pagvac' Pastor Fri, 21 Nov 2008 20:52:17 +0000 https://www.gnucitizen.org/?p=1854#comment-124418 let's not forget the most timeless web hacker tool: the browser :) there are still serious web security issues like sql injection which can be found (and exploited) with just a browser. OK, some FF extensions help even more, especially if the vulnerable parameter doesnt get submitted in a URL which we can modify directly from the address bar. at the end of the day there is nothing like Brain Technology (TM). granted, i agree web pentesting tools are very limited and we need better ones. let’s not forget the most timeless web hacker tool: the browser :)

there are still serious web security issues like sql injection which can be found (and exploited) with just a browser. OK, some FF extensions help even more, especially if the vulnerable parameter doesnt get submitted in a URL which we can modify directly from the address bar.

at the end of the day there is nothing like Brain Technology (TM). granted, i agree web pentesting tools are very limited and we need better ones.

]]>