Coincidentally I am also in the midst of writing a automater web security scanner by using Watir, e.g. to spider all the links and forms on a website and attempt sql injection, XSS and parameter tampering attacks.
I have some difficulty such as tampering with parameters in drop-down lists, checkboxes or bypassing javascript validation controls on form fields, as watir APIs don't seem to support changes to the html elements (apart from text field values...) boonhoo On 10/23/05, Atilla Ozgur <[EMAIL PROTECTED]> wrote: > I have sent two articles about watir to inet-tr conference. Which is > one of the most prestigious Internet Conferences of Turkey. Both were > accepted. First one is fairly simple only an introduction to Watir. > Second one shows how you can use watir for Sql Injection attacks. > > I hope that these articles will increase awareness of Watir in Turkey. > Since this is a big conference in Turkey, Most university teachers and > a lot of Company members come to it. > > I wanted to share my joy with you. Unfortunately both papers are in > Turkish. But i will translate sql injection one to english, when I > find some time. Thanks to watir community and also my thanks to Paul > Rogers and Bret Pettichord to make watir. > > _______________________________________________ > Wtr-general mailing list > [email protected] > http://rubyforge.org/mailman/listinfo/wtr-general > _______________________________________________ Wtr-general mailing list [email protected] http://rubyforge.org/mailman/listinfo/wtr-general
