Blog

Websecurify Websuite Incidents (PHP-CGI, CVE-2012-2311)


Websecurify Websuite Incidents is a cloud-based web application security scanner, designed to find only critical vulnerabilities and provide tools to exploit them. This video demonstrates how the tool can find CVE-2012-2311 (the PHP-CGI vulnerability) and run an exploit against the target to get a command shell.



The video also shows some aspects of the user interface which are helpful when entering multiple targets. You can simultaneously scan all applications across your organization, getting instantaneous feedback about your level of exposure to common and widely exploited security issues.

Websuite Scanner Tutorial

Actually, you don't need one, but here it is anyway. It is part of the service. This is really all you need to know to get started. Nothing else is required.


This is How We Code

Another fun video, which we know you will appreciate.

Retro Websecurify (v0.4) Video

This video is a preview of Websecurify 0.4 from several years ago, and we are publishing it today for your amusement and ours. Enjoy!

Websuite Scanner Preview Video

If screenshots are not enough, here is a video of how the Websuite Scanner will feel when you log in:

Websecurify Websuite Operation

Here is a diagram of how it works:

Initial Preview of Websecurify Scanner (scanner.websecurify.com)

The Websecurify Scanner (scanner.websecurify.com) is perhaps the most innovative and exciting product we have the pleasure of working on, and we just cannot wait to show it to you. Before this happens, however, there are bugs to fix and features to implement. Well, there are fewer bugs and more features. Nevertheless, here are screenshots of some of the main things to expect when you log in.



You may notice that the product is fairly consistent with the general look and feel of our website and all other tools. The user interface is minimalistic but allows further configuration by various buttons, hovers and other controls. This is what we call "easy by design". There is nothing intrusive or obtrusive and you will see later that the interface is customizable.



Websecurify was designed to take away all the hardship from the decision making. In other words, the testing engine will automatically figure out what to do and what to skip. However, we have added features for advanced users to configure various aspects of the test, such as the testing scope. One of the interesting functionalities is the ability to check the test scope before you proceed with the test. We have realised that the last thing we want you to do is to start a test that is not even properly configured. So, if you decide to switch to advanced user mode, there are safeguards to help you all the way through the security assessment, so you can relax.


It is our trademark to report issues as soon as we find them. This product is no exception. Vulnerabilities are reported as they are found with all details and supporting examples. You can pause, resume or completely stop the test at any point in time.



We have started exposing various configuration options, which will enable you to customize the tool just the way you want it. There are plenty of features you will be able to tune to your liking. One of the options, for example, allows you to turn additional visual elements on or off. This may be useful especially when you use the tool on screens of different sizes. There are a lot more options like this, which are designed to "save the day", so to speak.



The product is in private beta, meaning that it is not publicly available just yet. Instead, we offer a signup form, which we use to gradually enable all users. The demand for the application is high, which means that we may not be able to turn on your account immediately, but do not be discouraged because we are enabling new users on a daily basis.

Websecurify Mobile 1.0.2 for iOS

Websecurify Mobile 1.0.2 for iOS is now live on the iTunes App Store. All existing customers should receive an update within the next 24 hours.

This version contains the following improvements:

  • The testing engine has been revamped to enable even faster scanning with better results while using fewer device resources.
  • The user interface has been drastically improved with plenty of new visual enhancements.
  • The reporting capabilities have been improved with issue counters, which are used as indicators to show areas that require urgent attention.
  • You can now email the report even while the test is still in progress.

On behalf of the Websecurify team, I want to say that it was a great pleasure to deliver this version, and we hope that you are going to like it as much as we do.

Cold, Coffee, Code

It has been a cold and snowy day here in the UK. I've spent most of the time outside making snowmen and giant balls of snow. I have also managed to squeeze in some time for pentesting, while drinking coffee in Costa, and I have just finished doing some code refactoring of Websecurify Mobile 1.0.3. Indeed, it has been a productive and very rewarding day.

Here are some screenshots from the latest build of Websecurify Mobile. This release is very stable, although we know about one bug, which will be fixed in the next couple of days.


So, in theory, this means that we might be able to get the next update out as soon as next week, although this depends on how fast we get through Apple's approval process.