Showing posts with label Chrome plugin. Show all posts
Showing posts with label Chrome plugin. Show all posts

Thursday, 26 December 2013

[Websecurify] Web Security Testing Runtime


A Complete Suite Of Web Security Tools

The Suite provides a complete and functional marketplace of highly integrated web application security tools. You will find that different areas are covered by various domain-specific solutions. The Suite consists of automated scanners, fuzzers, utilities and many other tools useful in numerous situations.

Consistent And Easy To Use

The look and feel is consistent across all applications, which makes them incredibly easy to work with. You no longer have to look for hidden options, remember commands or even change the way you go about doing your work. It all just makes sense.

Wide Coverage Of Security Vulnerabilities

The Suite scanning technology is able to discover variety of issues from XSS, SQL Injection, Local File Includes to Default Logins, Session Problems and many others. OWASP TOP 10, WASC and variety of other lists are well supported. For the complete list of vulnerabilities we can discover just click here.
Posted by at No comments:
Labels: , , , , , , ,

Sunday, 3 November 2013

[Retire.js] Command line Scanner and Chrome plugin

Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilites in your application. Using the provided Grunt plugin you can easily include Retire.js into your build process. Retire.js also provides a chrome extension allowing you to detect libraries while surfing your website.

To detect a given version of a given component, Retire.js uses filename or URL. If that fails, it will download/open the file and look for specific comments within the file. If that also fails, there is the possibility to use hashes for minified files. And if that fails as well, the Chrome plugin will run code in a sandbox to try to detect the component and version. This last detection mechanims is not available in the command line scanner, as running arbitrary JavaScript-files in the node-process could have unwanted consequences. If anybody knows of a good way to sandbox the code on node, feel free to register and issue or contribute.

It's important to note that even though your site is using a vulnerable library, that does not necessarily mean your site is vulnerable. It depends on whether and how your site exercises the vulnerable code. That said, it's better to be safe than sorry.

Posted by at No comments:
Labels: , , , ,
Subscribe to: Comments (Atom)