Comments on: Someone else actually likes NTOSpider? http://anautonomouszone.com/blog/archives/16 An autonomous zone to promote an exchange of ideas, skills, and experiences with computer (in)security. Tue, 15 Sep 2009 22:49:34 -0600 http://wordpress.org/?v=2.8.4 hourly 1 By: Ehsan http://anautonomouszone.com/blog/archives/16/comment-page-1#comment-8596 Ehsan Tue, 15 Sep 2009 22:49:34 +0000 http://anautonomouszone.com/blog/?p=16#comment-8596 Great post. But with the sky high pricing for commercial version , it is hardly affordable to use multiple scanners. Great post. But with the sky high pricing for commercial version , it is hardly affordable to use multiple scanners.

]]> By: Kristian Erik Hermansen http://anautonomouszone.com/blog/archives/16/comment-page-1#comment-5609 Kristian Erik Hermansen Fri, 19 Jun 2009 00:07:58 +0000 http://anautonomouszone.com/blog/?p=16#comment-5609 Chuck/Caleb, Excellent comments! I think both sides of the issue have been presented well. Now it's time for me to write that automated webapp scanner ;-P Chuck/Caleb,

Excellent comments! I think both sides of the issue have been presented well. Now it’s time for me to write that automated webapp scanner ;-P

]]> By: Caleb Sima http://anautonomouszone.com/blog/archives/16/comment-page-1#comment-5 Caleb Sima Mon, 07 Jul 2008 01:59:11 +0000 http://anautonomouszone.com/blog/?p=16#comment-5 Ran across your blog due to my google alert (gotta love it). I pretty much agree with most of what you have said here except for one key issue. Your quote: "I mean to build a web app scanner generally isn’t rocket science". I have to say - being the founder and CTO of SPI Dynamics(now HP) at the surface it may seem like that but there is nothing farther from the truth. It is one of the most complicated pieces of technology I have ever had to deal with. Its not as simple as parsing out HREFs and sticking single quotes in params. Start adding in that nobody follows HTTP or HTML specs and you add some trouble. Start throwing in the huge complex state management mechanisms in applications that are custom coded from app to app then top it off with the flood of client side code(flash,ajax,silverlight.. blah blah). You have yourself quite a project. Sure you say - I will just use mozilla's engine and be done. Good luck :) Of course I have just barely touched the surface into the complications of building one. There is a reason we can't seem to really get it right and there are not that many players in this game.. at the end of the day building a good robust and comprehensive web app scanner that works from basic asp website to bank of america is a royal PIA! Try it :) btw - nice blog! Ran across your blog due to my google alert (gotta love it). I pretty much agree with most of what you have said here except for one key issue. Your quote: “I mean to build a web app scanner generally isn’t rocket science”.
I have to say – being the founder and CTO of SPI Dynamics(now HP) at the surface it may seem like that but there is nothing farther from the truth.
It is one of the most complicated pieces of technology I have ever had to deal with. Its not as simple as parsing out HREFs and sticking single quotes in params. Start adding in that nobody follows HTTP or HTML specs and you add some trouble. Start throwing in the huge complex state management mechanisms in applications that are custom coded from app to app then top it off with the flood of client side code(flash,ajax,silverlight.. blah blah). You have yourself quite a project. Sure you say – I will just use mozilla’s engine and be done. Good luck :) Of course I have just barely touched the surface into the complications of building one.
There is a reason we can’t seem to really get it right and there are not that many players in this game.. at the end of the day building a good robust and comprehensive web app scanner that works from basic asp website to bank of america is a royal PIA! Try it :)
btw – nice blog!

]]> By: Aaron Wakling http://anautonomouszone.com/blog/archives/16/comment-page-1#comment-3 Aaron Wakling Mon, 07 Jul 2008 01:15:18 +0000 http://anautonomouszone.com/blog/?p=16#comment-3 I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future. I found your blog on google and read a few of your other posts. I just added you to my Google News Reader. Keep up the good work. Look forward to reading more from you in the future.

]]>