

Beta of the Oedipus Web Application Scanner is released...

The Oedipus Web Application Scanner project (that I have been writing plugins for) has just released its first public beta, version 1.8.1. Oedipus is a tool focused on penetration testing, designed for penetration testers and for technical security or web development folks to test their applications for web application security issues. It deviates from many of the commercial tools in that:

  • Oedipus does not claim to be a one-stop testing tool that will find every type of hole in your applications. It is, however, pretty good at finding the low-hanging fruit, so you can spend your time finding the really nasty problems manually.
  • Oedipus has some exploitation functionality built in, especially for SQL injection at this point, for generating working exploits for web application vulnerabilities. After all, the best way to show the business impact of an issue is to show it is exploitable.
  • It's free, open source, and pretty easy to extend through the use of its plugin architecture.

From the blurb - "Oedipus is an open source web application security analysis and testing suite written in Ruby by Penetration Testers for Penetration Testers. It is capable of parsing different types of log files off-line and identifying security vulnerabilities. Using the analyzed information, Oedipus can dynamically test web sites for application and web server vulnerabilities."



Comments (2)

Hi Justin,

Is there a separate download for the mainFX GUI? I've downloaded 1.8.1 but I don't see it in the filelist....

In answering Rory's question, the mainFX GUI and a few other plugins have been left out of the beta release. These are still major works in progress, and the beta is intended to include only functionality and plugins that have been well tested. These are still available in the CVS if you want to ride the bleeding edge ;-)


About

This page contains a single entry from the blog posted on April 7, 2006 4:12 PM.
