Websecurify

Regular updates about Websecurify free and premium website scanners, proxies and fuzzers, and insights into SQL Injection, Cross-site Scripting and other vulnerabilities

Font Websecurify

Here is another fun project you may find useful. We are very happy to introduce Font Websecurify - the Websecurify Suite icon web font. You may have already seen it in action here and here.

To start using Font Websecurify, simply embed it like this:

<link href="//fontastic.s3.amazonaws.com/pbXqp7hmA4gdEEsUfQ2gda/icons.css" rel="stylesheet">

Icons are accessible via user-friendly CSS classes. For example, in order to render the Classic Pack icon simply do the following:

<i class="icon-classic"></i>

The <i> tag is completely arbitrary. You can use any tag you like.

Secure Coding

Continuing with our ongoing effort to educate our audience, here is an old presentation that we did on Secure Coding and Web Application Security best practices. The presentation may be old, but the content is still relevant.

WARNING: The presentation contains a lot of internet memes. Browse with care!

Hacking Unicode

Unicode has always been a bit misunderstood, even by professionals. This is why, several years ago, we pulled these slides together to clear things up. The presentation is a bit old but still relevant. You may still learn a few things about Unicode that you did not know.

BTW, today we are pushing a lot of our slides to Slideshare. You can find our profile page here. So far you can find some presentations from past conferences and, of course, our Web Application Security 101 course, which we run once or twice a year.

Scanner vs. Recon

What is the difference between the Scanner and Recon, you may ask? In this blog post we will explore this topic.

In order to answer this question we need to look deeper into our core philosophy when developing tools. Websecurify opposes the idea of putting too much functionality into a single tool. The reasons are complex, but they come down to several things: it is difficult to maintain and improve a large monolithic code-base over time, it is hard to apply fixes when things break, and hundreds of different configuration options make the user experience confusing. This is why, if you look at some of the security vendors out there, their technology hasn't changed much, while Websecurify's toolkit has flourished and transformed several times.

The Scanner and Recon follow this philosophy closely. The Scanner is a general-purpose scanner, much like Acunetix, Netsparker, WebInspect and so on. It can find all the standard vulnerabilities like SQL Injection, XSS, XXE (External XML Entity Injection) etc., much like all other tools. However, if you try to use the Scanner to fingerprint and discover vulnerabilities across multiple applications, perhaps your entire web estate, you will quickly find that you are facing an impossible problem. None of the general-purpose scanners are designed to handle this type of situation, and for a good reason.

The fact of the matter is that scanning tools can be either fast or thorough. The Scanner falls into the thorough category. Recon, on the other hand, is fast. The testing engine used in Recon is exactly the same as the one we use in the Scanner, but it has been tweaked to perform better at the expense of not going as deep, which is fine when you are testing 60,000 web sites at once (yes, we do that from time to time). So the main difference between the two tools is that Recon has been optimized to get through the test as quickly as it can, skipping steps when necessary, while the Scanner has been designed to go deep until it eliminates all possibilities.

The differences do not stop here, however. Recon, unlike the Scanner, has a backend component, which is very unusual for the online Suite. You see, the Suite does not rely on our servers to do its job. The work is done from your very own browser, and this is why you can even test sites that are not directly reachable from the Internet. Recon needs a backend component to do some of the special-case fingerprinting, such as identifying subdomains, virtual hosts, etc. This type of data is fetched directly from our massive database, which would be unreasonable to ship with the tool itself. This is why you will see that Recon can fingerprint virtual hosts, IP addresses, subdomains and even adjacent hosts with great precision.

Last but not least, Recon and the Scanner each have their own use-cases. Use the Scanner when you have a single application at hand, so that you can go as deep into the app structure as an automated tool can. For large infrastructure fingerprints and tests, use Recon. An attacker will not always exploit your application directly, unless you have an obvious critical vulnerability. In many cases the attacker will leverage a vulnerability in an application close enough to it to get a foothold for further infiltration. Recon is great at identifying these types of vulnerabilities.

We hope that this blog post makes clear what the differences between Recon and the Scanner are, and we also hope that you will spare a few minutes to try them both. It is easy to get started and there is a 100% free trial, so you have no excuse.

If you have any other pending questions do not hesitate to get in touch.

Hands On With Guided Testing

The Websecurify Suite Scanner is a lot more than it seems. In this blog post we will show you how to make use of a little-known feature, internally known as guided testing. So, let's get started.

Before we dig into the fun stuff, let's examine our current situation. Let's say, for the sake of this example, that we want to test http://target/. All we have to do is navigate to the Scanner and enter the target URL. After we press Enter and confirm the checkbox, we are on our way to a good dose of web security vulnerabilities.

This scenario looks simple indeed, and of course this is the kind of thing all web security scanners do. However, if you are like us, you may notice that there were several interesting opportunities we could have taken advantage of to make the scanner results a lot better.

For example, imagine that http://target/ was already open in another tab. While you were busy typing the target URL, the Websecurify Suite Scanner was collecting vital data behind your back without you even noticing. For instance, if the web app was a rich JavaScript application that generated a constant flow of requests to the server, the Scanner would have known about them before the test was even in progress. Even better, if you had decided to click on the login button first, before the test was started, the Scanner would have recorded the entire login flow for later inspection. All of this happened transparently, without you even knowing.

What Is Guided Testing

The scenario illustrated above is known as guided testing. In other words, the Scanner actively tries to learn from the behavior of your application before and during the test. The data is collected only while the Scanner is open, and the collected data only applies to the target that was specified. If you decide to interact with the application while the test is in progress (we strongly encourage this), it is likely that the Scanner will reach deeper into your application structure and as a result discover more interesting vulnerabilities.

As far as we know, guided testing is unique to Websecurify Suite, and it is one of those features that are truly innovative. We believe that computers should do as much of the heavy lifting as possible with as little interaction as possible. What we basically did here is make our Scanner smarter.

Escapemode, Screenshot and Auto-formatting Improvements

Over the past couple of days we made three awesome improvements to the web security Suite. Here they are:

Auto-formatting Options

Frequently, when we work with JSON and XML, the document structure is not very user friendly: the document may lack indentation, line breaks, etc. Now, with the help of reformat_request and reformat_response (escapemode commands), you can quickly reformat requests and responses to make them more readable. These commands will also fix header and method casing and much more.
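To make concrete what such a reformatter does to a raw message, here is an added example (not Websecurify's own code) that normalises the method, HTTP version and header casing and pretty-prints a JSON body; the sample request it runs on is constructed, not captured from any real target.

```javascript
// Added example (not Websecurify's code): reformat a raw HTTP message the way
// the escapemode reformat_request/reformat_response commands are described.

function canonicalHeaderName(name) {
  // "content-type" -> "Content-Type", "x-requested-with" -> "X-Requested-With"
  return name.trim().toLowerCase().split('-')
    .map(p => p.charAt(0).toUpperCase() + p.slice(1)).join('-');
}

function formatBody(body, contentType) {
  // Only JSON is pretty-printed here; anything else is returned unchanged.
  if ((contentType || '').toLowerCase().includes('json')) {
    try { return JSON.stringify(JSON.parse(body), null, 2); }
    catch (e) { return body; } // malformed JSON is left exactly as it was
  }
  return body;
}

function reformatMessage(raw) {
  const text = raw.replace(/\r\n/g, '\n');
  const split = text.indexOf('\n\n');
  const head = split === -1 ? text : text.slice(0, split);
  const body = split === -1 ? '' : text.slice(split + 2);
  const lines = head.split('\n');
  let first = lines[0];
  // Request line "post /x http/1.1": upper-case method and version.
  // A status line ("HTTP/1.1 200 OK") does not match and is left alone.
  const m = first.match(/^(\S+)\s+(\S+)\s+(HTTP\/\d(?:\.\d)?)$/i);
  if (m) first = `${m[1].toUpperCase()} ${m[2]} ${m[3].toUpperCase()}`;
  const headers = [];
  let contentType = '';
  for (const line of lines.slice(1)) {
    const i = line.indexOf(':');
    if (i === -1) { headers.push(line); continue; } // not a header, keep as is
    const name = canonicalHeaderName(line.slice(0, i));
    const value = line.slice(i + 1).trim();
    if (name === 'Content-Type') contentType = value;
    headers.push(`${name}: ${value}`);
  }
  return [first, ...headers].join('\r\n') + '\r\n\r\n' + formatBody(body, contentType);
}

// Constructed sample request (not captured from any real target).
const SAMPLE_REQUEST =
  'post /api/items http/1.1\ncontent-type: application/json\nhost: target\n\n' +
  '{"a":1,"b":[1,2]}';

console.log(reformatMessage(SAMPLE_REQUEST));
```

Pretty-printing changes the body length, so a Content-Length header would have to be recomputed before the reformatted request is resent.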

Escapemode Improvements

Speaking of escapemode, we also made several improvements in this area. The console now supports tab auto-completion. If you do not know the command, or you feel a bit lazy, you just need to press the TAB key and we will do the rest of the work. For example, if you want to use the auto-formatting options, all you need to do is press r followed by TAB.

Screenshot Improvements

Websecurify has always been the only automated security testing software that can take actual screenshots of the vulnerabilities we find. Now we have made a leap forward to make it quicker and more transparent for the user. You will notice that report issues are generated instantaneously, even those that have screenshots.

There you have it. Three awesome improvements that could make your day a little bit better.
