Web Application Security Testing From The Google Chromebook
We have already mentioned this on Twitter (@websecurify) but here is the proof. Websecurify Suite runs on the Google Chromebook. This means that now you can have a full-featured web application security testing environment on a Chromebook without mucking about with the operating system. It installs and runs just like all Chromebook/Chrome applications.
Now, this is very interesting because it suddenly opens opportunities to improve some broken processes. For example, imagine that you, a penetration tester, walk into your client's site, but instead of bringing your own gear for the test you are given a Chromebook pre-installed with the tools that you will need for the assessment. Now, I know what some of you hardcore security consultants will say, and keep in mind that I have 10 years of consultancy experience behind me, but this is in a way a realistic and also very convenient solution to the problem of third-party companies plugging untrusted and somewhat untested devices into the corporate network. We know that tools alone do not make a good pentester, but a pentester without good tools will need more time to perform an assessment. A Chromebook can provide not only a cheap means of delivering a standard set of tools but also a controlled environment. For example, all sensitive data can be wiped after the assessment without the need for another extensive set of corporate policies, etc.
Another interesting use case is simply the fact that web application security tools can be delivered without much hackery. This means that they are safer in an environment where desktop security practices are not so well thought through or executed. In other words, you don't need any special permissions to install hundreds of different dependencies to run your security tests (bye bye Python, Ruby, .NET, MS SQL Server). Websecurify Suite runs from inside the browser and, because of that, it is constrained by the security mechanisms the browser enforces to protect the operating system. Needless to say, the genius behind our technology is simply the fact that our Suite needs access only to the web applications under test and nothing else.
Anyway, I can go on and on and probably I will in future posts but here are some screenshots I took yesterday to show our scanner running from inside the Chromebook:
This is it for now and we hope you have a great time testing our tech. You can get free access to our Foundation tool, which is essentially an automated web application security scanner. Very soon we will be releasing a lot more tools, so stay tuned by following us on Twitter (@websecurify) or by just watching this space.