A pointer to a pointer (no, this isn't C)

by pat eyler

Justin Clarke writes about Oedipus, a web server security analysis tool written in Ruby.

Oedipus takes a multi-phased approach. First, it does a logfile analysis looking for potential vulnerabilities, creating a specially formatted oedipus output file. Second, it processes the oedipus file, using security plugins to identify a variety of security problems. Third, Oedipus creates an HTML report for the tester. Fourth, it provides a mechanism for running additional tools based on the results of the security scan (note, though, that these tools haven't been written yet).

While Oedipus is listed as being alpha (and is in fairly early development), it looks like it's maturing quickly. Thanks, Justin, for pointing it out.


Justin Clarke
2006-02-28 05:01:31
If people are interested in this topic, and have a particular security bent, feel free to contribute plugins or patches.

The project is moving quite fast at the moment - an FXRuby GUI is in the CVS right now, and a lot of additional testing functionality is in development...