tl;dr Don’t write your own web application security scanner, it is too hard. Contribute to an existing project instead.
Every now and then I receive an email with this format: “I’ve used web scanning tool X for a while and it doesn’t work the way I want. I’m writing my own tool and would like you to help me with some ideas/pointers”. Usually I answer privately, but that doesn’t seem to be scaling, so here’s my public response to all of you.
Writing and ...Read more →