Comments on: MIT/Stanford/Syracuse Team Develop New PHP Intepreter-Based XSS and SQL Security Tester http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/ Software Development, Web Applications and Business Analytics Wed, 10 Mar 2010 14:03:09 +0000 http://wordpress.org/?v=2.9 hourly 1 By: Kris http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-1400 Kris Mon, 16 Nov 2009 18:54:33 +0000 http://www.rkrishardy.com/?p=181#comment-1400 A quick update... Acunetix WVS can do this, so it doesn't look like Ardilla is the only way. However, Acunetix is very expensive (close to $10,000 a license, last time I checked). This may be a project for my Java Certified Developer certification. ;) I talked to the guys at Acunetix about how their query taint tracking works, and they were a little tight lipped. I haven't had a chance to look at the code, although a reputable source tells me that it needs some work... I found this link to a list of web vulnerability scanners. I'm working through them when I get the time. http://sectools.org/web-scanners.html A quick update… Acunetix WVS can do this, so it doesn’t look like Ardilla is the only way. However, Acunetix is very expensive (close to $10,000 a license, last time I checked). This may be a project for my Java Certified Developer certification. ;)

I talked to the guys at Acunetix about how their query taint tracking works, and they were a little tight lipped. I haven’t had a chance to look at the code, although a reputable source tells me that it needs some work…

I found this link to a list of web vulnerability scanners. I’m working through them when I get the time.

http://sectools.org/web-scanners.html

]]> By: Nicolae Nmaolovan http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-991 Nicolae Nmaolovan Mon, 28 Sep 2009 18:29:58 +0000 http://www.rkrishardy.com/?p=181#comment-991 Hi, I'm interested too, is there any know alternatives ? This would be very useful.. Hi, I’m interested too, is there any know alternatives ? This would be very useful..

]]> By: Kris http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-512 Kris Tue, 18 Aug 2009 16:29:31 +0000 http://www.rkrishardy.com/?p=181#comment-512 I've talked with the guys at Washington about this, and they are interested in making it Open Source, but it doesn't look like it has moved forward yet. I'm keeping an eye on this, and may have a go on my own, because I would love to use it too. I’ve talked with the guys at Washington about this, and they are interested in making it Open Source, but it doesn’t look like it has moved forward yet. I’m keeping an eye on this, and may have a go on my own, because I would love to use it too.

]]> By: Breck http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-491 Breck Mon, 17 Aug 2009 23:13:19 +0000 http://www.rkrishardy.com/?p=181#comment-491 Wow, really smart idea. Any updates on whether this will be released? I've got some large codebases that I would love to try it on. Wow, really smart idea.

Any updates on whether this will be released? I’ve got some large codebases that I would love to try it on.

]]> By: How I Make $5000 a Month Posting Links on Google http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-191 How I Make $5000 a Month Posting Links on Google Fri, 26 Jun 2009 00:43:33 +0000 http://www.rkrishardy.com/?p=181#comment-191 Loved your latest post, by the way. Loved your latest post, by the way.

]]> By: Katy http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-187 Katy Wed, 24 Jun 2009 03:43:40 +0000 http://www.rkrishardy.com/?p=181#comment-187 Pretty nice post. I just found your blog and wanted to say that I have really liked reading your blog posts. Anyway I'll be subscribing to your feed and I hope you write again soon! Pretty nice post. I just found your blog and wanted to say
that I have really liked reading your blog posts. Anyway
I’ll be subscribing to your feed and I hope you write again soon!

]]> By: Wayne State Web Communications Blog » Blog Archive » [Friday Links] The Summer Edition http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-183 Wayne State Web Communications Blog » Blog Archive » [Friday Links] The Summer Edition Sun, 21 Jun 2009 13:15:30 +0000 http://www.rkrishardy.com/?p=181#comment-183 [...] MIT/Stanford/Syracuse Team Develop New PHP Intepreter-Based XSS and SQL Security Tester [...] [...] MIT/Stanford/Syracuse Team Develop New PHP Intepreter-Based XSS and SQL Security Tester [...]

]]> By: Digital Media Minute http://www.rkrishardy.com/2009/06/new-php-interpreter-based-xss-and-sql-security-tester/comment-page-1/#comment-178 Digital Media Minute Sat, 20 Jun 2009 07:04:22 +0000 http://www.rkrishardy.com/?p=181#comment-178 <strong>PHP Security Checker...</strong> We did a post on ten security checks for PHP, and pointed to a PHP security guide as well. On a more recent, related note, you might want to take a look at Rkrishardy.com regarding researchers from MIT, Stanford and Syracuse having developed “Ardilla... PHP Security Checker…

We did a post on ten security checks for PHP, and pointed to a PHP security guide as well. On a more recent, related note, you might want to take a look at Rkrishardy.com regarding researchers from MIT, Stanford and Syracuse having developed “Ardilla…

]]>