On Thursday 10 February 2011 09:55:17 Bhat, Avinash (NSN - IN/Bangalore) wrote: > Hi Friends, > > Is it possible to find CSRF Vilnarabalities using openVAS?
It's unlikely that OpenVAS will at least in the short term include any capabilities for the discovery of /new/ web app vulnerabilities however it does have the ability to integrate with existing F/OSS tools such as w3af and Arachni which do this job much better. With specific regard to CSRF, it's a difficult class of vulnerability to find automatically even with a dedicated tool because the context of the form is unlikely to be understood by the tool e.g. is it a search field or a "new email" field. Tim -- Tim Brown <mailto:[email protected]> <http://www.openvas.org/>
signature.asc
Description: This is a digitally signed message part.
_______________________________________________ Openvas-discuss mailing list [email protected] http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss
