Key Project Information:OWASP Web Application Scanner Specification Project

About
This project will attempt to outline some of the shortcomings of currently available web application vulnerability scanners and offer a plan for comparing and/or building web application vulnerability scanners.

Goals & Roadmap
In the near future, we will be focused on the following goals...

1. Clean up feature redundancy

2. Further categorize and document modules

3. Add to platform specific checks (ex. file extensions, ) 4. Adding additional "check" modules

Content
  Dynamic Analysis of Web Application Security in Respect to Current Web Application Vulnerability Scanners: Specification of Needs in Comparison to Current Offerings Introduction/Scope:</B></U></FONT></FONT></P> <P STYLE="margin-bottom: 0in">There will always be a &quot;gap&quot; between the types of attacks that can be performed and those which can be found by an automated scanner. This paper will attempt to outline some of those shortcomings and offer a plan for comparing/building a web application vulnerability scanner.</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in">	&bull;	Need for analysis by attack type</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in">	&bull;	Coverage and integration with other tools and/or scripting support</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in">	&bull;	Need to assist &quot;technical&quot; attacker to perform &quot;custom&quot; checks</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in">	&bull;	Support for &quot;custom&quot; reporting</FONT></FONT></P>

<P STYLE="margin-bottom: 0in">_____________________________________________________________________________________</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><U>General Topics:</B></U></FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT SIZE=3>	&bull;	Automated vs. Manual Discovery – The Need for Integration Between Tools</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Application Security – The Need for Automated Testing Tools </FONT></FONT> </P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Integrated Threat Modeling Feature – Identifying API Exposures and Assigning Risk</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Ideal Baseline - Needs For Scanner:</B></U></FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Integration with Std. VA scanner</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Integration with HTTP Proxies</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Exportable Storage of Results</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XML Format</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Database Formats</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Scanners and Tools to Integrate With</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	OWASP WebScarab</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XXXcommercialXXX</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XXXcommercialXXX</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XXXcommercialXXX</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XXXcommercialXXX</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	OWASP DIRBuster</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Google harvester module</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ability to Document/Flag Good and Bad Results</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Limit scan to specified IPs/Hosts, Domains, and Ports Discovered on Host running HTTP(s) </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull; checksum content b/t ports, hosts, etc. for same content</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Be able to accurately reproduce results (ex. AppScan -- reply request and show in browser)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Spidering and Resource Identification </FONT></FONT> </P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	User defined optimization of scan threads, timeouts, etc</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Virtual host identification - edit cost, diff btw pages –</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull; HDM idea - Intranet hostname exposure, etc.....over 512 bytes, insane overhead</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DNS grinding, etc </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	http://www.owasp.org/index.php/Testing_for_Application_Discovery_(OWASP-IG-005)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Auth vs UnAuth forced Browsing </FONT></FONT>

</P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	checkout step bypass, etc</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Accurately identify directories and files present (and supported extensions)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ability to add checks for permeation based dir checks</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	User is able to specify and retest extra files, dirs, and attacks as well as add to test &quot;template&quot;</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	(retest/add this dir for all vulns/files, retest this dir for XSS, rerun all SQL injection, etc)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ability to specify custom HTTP requests and form templates based on HTTP requests and errors</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Fuzzer </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ability to model after &quot;stored&quot; requests,</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	pop out?</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	HTTP</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	WSDL</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Iteration based fuzzing and discovery - ie, Pornzilla</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookies/Session testing and analysis </FONT></FONT>

</P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	automated analysis and manual analysis replay idea (my idea kinda......need to elaborate)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Platform Specific tests and customization/AI (MS, .Net, Java, Apache)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Path, Error Path and Verbose errors Identification </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Tomcat</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ASP.NET</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	CFM</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JSP</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Request Comparison</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookies</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Collection</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Encoder/Decoder</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Comparison</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Authentication Tester/Brute Forcer</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Form</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Basic</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	NTLM</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookies/Sessions</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	SSL/Encryption strength analysis</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Easy &quot;dictionary&quot; customization</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Application Servers/Frameworks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache Tomcat</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ruby on Rails</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Django</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JavaScript Framework Identification</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Dojo</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	script.aculo.us</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Prototype</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DWR</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	GWT</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Sajax	</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Endpoint Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	3rd Party Resources</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	RSS</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Atom</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Misc. Web Service oriented</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Admin Console Identification</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JBoss</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JRun</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Services</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	SOAP</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	WSDL</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	UDDI/Endpoint Discovery Protocols</FONT></FONT></P>

<P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	WS-Security</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ReST</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Flash/Flex</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Java</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ActiveX</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	User identification (error messages, user dirs, etc) and customization (ex. add to BF dictionary)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DB Platform Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MSSQL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MySQL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Sybase</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MS Access</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Oracle</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DB2</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DB/XML store of files/dirs - grepable</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P>

<P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Platform and Resource Requirements:</B></U></FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DB Platform Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MSSQL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MySQL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Sybase</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MS Access</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Oracle</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DB2</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Platform Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	IIS</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Tomcat</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ASP.NET</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	CFM</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JSP</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ActiveX</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Java Applets</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Javascript and JS Frameworks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Flex</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Flash</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ReST</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	SOAP/WSDL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	WEBrick</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Django (python)</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P>

<P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Modules:</B></U></FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XSS </FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	DOM Injection Attacks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Stored</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Reflected</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Injection Attacks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	SQL</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XML/XPATH/XMLRCP/SOAP - DOM-based XSS - Difficult - can't grep sourcd</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JSON (Javascript Object Notation) </FONT></FONT> </P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Link Injection/Insertion (eg. OWA)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Dir Traversal</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	File Include</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	XSRF</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	HTTP Response Splitting</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookie Collector and Checks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookies Enabled (Y/N)</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Flags Set in Cookies</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	HTTPOnly</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Secure</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Domain</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Path</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Expires</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Cookie Randomization</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	GUI plotting</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Platform Specific Checks</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	IIS</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	IPP</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	IDA/IDQ</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	FrontPage</FONT></FONT></P>

<P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Anon</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Files/Extensions</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MSSQL</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Microsoft .NET</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	.NET Version Enumeration</FONT></FONT></P>

<P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ViewState</FONT></FONT></P> <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Decoder</FONT></FONT></P> <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Value collection</FONT></FONT></P> <P STYLE="margin-left: 2.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Value comparison</FONT></FONT></P> <P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Identification of Repeating VS Unique Values</FONT></FONT></P>

<P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Identification of Possibly Sensitive Values</FONT></FONT></P> <P STYLE="margin-left: 3in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Changes in Relation to Application Logic</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	userdir</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	MySQL</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Docs</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Modules installed</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	OpenSSL</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ModSSL</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Expect</FONT></FONT></P>

<P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ModSecurity</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Mod_jk</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache Tomcat</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	mgmt/admin interface</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Docs</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	General platform and hardware/device specific checks</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Parameter identification (Identify inputs)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Identify ALL Resources that appear to accept &quot;user-defined&quot; input</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	HTTP OPTIONS</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	HTTP Track/XST</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Comments</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Internal IP Disclosure</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Mgmt Interface Scanner </FONT></FONT> </P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/jmx-console</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/web-console</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Conf File Scanner </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/WEB-INF/web.xml</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/robots.txt</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/.htaccess</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/jmx-console site enumeration (not just identify presence of web console)</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	/web-console site enumeration (not just identify presence of web console)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	File Include/Insertion Scanner (esp PHP)</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Authentication Scanner</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Basic/NTLM Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Form-based Authentication Identification</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Username Enumeration</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	User-dir</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Page Scraping </FONT></FONT> </P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Site Mirroring</FONT></FONT></P> <P STYLE="margin-left: 2in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Google – Email Scraper </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Brute-Forcer</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Dictionary attacker</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Easy &quot;dictionary&quot; customization</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Default Password Tester</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	By Platform</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Source Code Disclosure (eg. %00, %20)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Page pattern matcher (Page Structure VS &lt;Diff&gt; Page Content)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Incorrect usage of eval</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	OS command shell</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3></FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Software Version Identification </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	regex values</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	window &lt;Title&gt; names</FONT></FONT></P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	comments </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	base platform</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Hidden Fields/Links Enumerator</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	File Upload Enumerator</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Log File Scanner</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Temp Files</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Search Function for associated Vulns and software versions</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ability to Reference Common Security Sites for Vulnerability Information</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Path Case-sensitivity enumerator</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Encodings Supported</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Servlet Mapper</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Local Search Engine Enumeration</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Google File/DIR mapper</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	BackEnd DB Type Enumerator</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Application logic enumerator</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	ActiveX, Java object enumerator</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	LDAP Checks</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	File Ext and Dir Mapper </FONT></FONT> </P>

<P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	System Platform Type/Version Enumerator</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Supported File Types Enumerator</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Unmapped File Extensions</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Identifying &quot;sensitive&quot; data</FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Framework and Application Fingerprinting </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Flash/Flex </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	J2EE</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JBoss

</FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	JRun</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Apache Foundation</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Web Server</FONT></FONT></P> <P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Tomcat</FONT></FONT></P>

<P STYLE="margin-left: 1.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Axis </FONT></FONT> </P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Ruby on Rails</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Zend</FONT></FONT></P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Django </FONT></FONT>

</P> <P STYLE="margin-left: 1in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Jakarta Struts (and other MVC architectures)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Exposed Source-Code analysis (VM-like environment to run in)</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	FireBug (pop-out?)</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>_____________________________________________________________________________________</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3><U><B>Reporting/Results:</B></U></FONT></FONT></P>

<P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	Database/XML compatible storage </FONT></FONT> </P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	data correlation with other (HTTP) tools</FONT></FONT></P> <P STYLE="margin-left: 0.5in; margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	&bull;	AUTO TXT, DB, SQL, source file ARCHIVER/STORED DIRECTORY</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><BR> </P> <P STYLE="margin-bottom: 0in"><BR> </P>

<P STYLE="margin-bottom: 0in"><FONT FACE="Times, serif"><FONT SIZE=3>	</FONT></FONT></P> <P STYLE="margin-bottom: 0in"><BR> </P> <P STYLE="margin-bottom: 0in"><BR> </P> <P STYLE="margin-bottom: 0in"><BR> </P>