Tuesday, May 30th, 2006
Sprajax is the first web security scanner developed specifically to scan AJAX web applications for security vulnerabilities. Denim Group, an IT consultancy specializing in web application security, recognized that there were no tools available on the market able to scan AJAX. AJAX allows web-based applications a higher degree of user interactivity, a feature with growing popularity among developers.
He comments on his experiences with the software, including the must-have software needed to get it running (C# and SQL Server). He walks through a sample execution of a security audit on a remote site, but notes that there are a few problems with this “open source app”:
- The tool only detects the Atlas framework. No Dojo, DWR, etc.
- It only detects SOAP web services used by the Atlas framework. No REST, no framework-specific calls.
Posted by Chris Cornutt at 8:24 am