Thanks all for your kind answers :) So even if W3AF doesn't cover all of the OWASP Top 10, can someone please tell me which of the following points are covered (even partially)?

Thanks a lot:

A1-Injection
A2-Cross Site Scripting (XSS)
A3-Broken Authentication and Session Management
A4-Insecure Direct Object References
A5-Cross Site Request Forgery (CSRF)
A6-Security Misconfiguration
A7-Insecure Cryptographic Storage
A8-Failure to Restrict URL Access
A9-Insufficient Transport Layer Protection
A10-Unvalidated Redirects and Forwards

Davide

On 20 April 2011 15:38, Paolo Perego <[email protected]> wrote:
> On 20 April 2011 15:14, davide sozzi <[email protected]> wrote:
>>
>> Hi,
>>
>> ok thanks but then this brings me to the next question: when a web
>> scanner company says "we cover all top10 OWASP risks", are they lying
>> then (see Acunetix, Sandcat etc)?
>
> Hi Davide, when companies say that they are compliant to something or
> someone and they pretend to have the 'catch it all' tool 100% accurate, 100%
> false positive free, 0 configuration ... well, lying... what an ugly word...
> salesmen don't lie, they tell you a 'different' truth.
> It's the same story when consultancies say they are leaders of one
> technology or so on, isn't it?
> [1] 100% accuracy in security, I'm sorry but as Andres saw even with a
> hybrid approach (black+white test) does *not* exist.
> Ciao ciao
> Paolo
> --
> "... static analysis is fun, again!"
>
> OWASP Orizon project leader, http://github.com/thesp0nge/owasp-orizon
> OWASP Esapi Ruby project leader,
> https://github.com/thesp0nge/owasp-esapi-ruby
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users
