I am pleased to announce the release of a new security tool that will assist programmers and system administrators in increasing CGI security. This tool, aptly named cgiaudit, is a black-box debugging tool; it automatically audits CGI entities with only an interface specification, the HTML form. Attack types that a CGI script or program become subject to are configurable, as well as server replies that denote a possible penetration success. Other features include a built-in spider, proxy support, and hexadecimal encoding of requests. A tarball source tree is available at http://www.innu.org/~super/cgiaudit-1.0.tar.gz. - S
