Wednesday, June 24, 2009

Using WIVET to test your crawler

WIVET is a wonderful project for a web security scanner developer. Using WIVET, you can analyse the link extraction/crawling ability of your WASS.

I recommend you to download latest version or an SVN copy to your local web server and test your scanner's crawlers performance. Also you can test your scanners javascript, flash and form parsing ability using this web application.

Don't forget to exclude the offscanpages folder and the logoff link! Also your crawler should have Cookie support enabled since WIVET tracks the crawling ability via a cookie.

So in order to succeed, you already should have;
  • cookie support
  • an exclude capability
  • javascript support (to compete with other commercial scanners)
  • flash support (to compete with other commercial scanners)
Project home
And here is the latest coverage results of some commercial scanners tested by WIVET author. Have fun!

No comments: