Websecurify

Regular updates about Websecurify free and premium website scanners, proxies, fuzzers and insight knowledge about SQL Injection, Cross-site Scripting and other vulnerabilities

Test Scope Improvements in the Websecurify Suite

We are happy to inform you that the Scanner tool, from the online Suite, now has the ability to limit test scopes. It works like this. First you need to type at least one target as seen on the screenshot:

...Then you click on the glasses button on the left. This will bring up the scope window where you can play with the test scope. The beautiful thing about this tool is that you can test your rules in-place with the built-in test editor. This way you can be absolutely sure that your rules are perfect. The process is illustrated on the screenshot below:

There you have it. Now you can go nuts and test any application in whichever configuration you like. However, if you don't want to mess with the scope you really don't have to. The testing engine will automatically figure out some types of special URLs (e.g. logout links) and not scan them in order to prevent accidental termination of your authenticated session.
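To make the idea concrete, here is an added sketch (not Websecurify's code or rule format) of include/exclude scope rules checked against sample URLs, with logout-like links skipped. The rule shape, `inScope`, `LOGOUT_HINT` and the `example.test` hosts are assumptions made for illustration.

```javascript
// Added illustration: include/exclude scope rules plus a logout-link heuristic.
// The rule shape, function names and LOGOUT_HINT pattern are assumptions,
// not the Websecurify Suite's actual rule format.
const LOGOUT_HINT = /(^|[\/_.\-=&?])(log|sign)[-_]?(out|off)([\/_.\-=&?]|$)/i;

// A rule is { action: 'include' | 'exclude', host: RegExp, path: RegExp }.
const rules = [
  { action: 'include', host: /^shop\.example\.test$/, path: /^\// },
  { action: 'exclude', host: /^shop\.example\.test$/, path: /^\/admin\/delete/ },
];

function inScope(rawUrl, scopeRules) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return { allowed: false, reason: 'unparseable URL' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { allowed: false, reason: 'non-HTTP scheme' };
  }
  // Match on the parsed hostname, never on the raw string, so look-alike
  // suffixes and userinfo ("host@other") cannot pass as the target.
  const matches = (r) => r.host.test(url.hostname) && r.path.test(url.pathname);
  if (scopeRules.some((r) => r.action === 'exclude' && matches(r))) {
    return { allowed: false, reason: 'excluded by rule' };
  }
  if (!scopeRules.some((r) => r.action === 'include' && matches(r))) {
    return { allowed: false, reason: 'no include rule matched' };
  }
  // Skip links that would end the authenticated session mid-scan.
  if (LOGOUT_HINT.test(url.pathname + url.search)) {
    return { allowed: false, reason: 'looks like a logout link' };
  }
  return { allowed: true, reason: 'in scope' };
}

// Constructed sample URLs, checked the way a built-in rule tester would.
const samples = [
  'https://shop.example.test/products?id=1',
  'https://shop.example.test/admin/delete/5',
  'https://shop.example.test.evil.test/products',
  'https://shop.example.test@evil.test/',
  'https://shop.example.test/account/logout',
  'https://shop.example.test/blog/outlook',
];
for (const s of samples) console.log(s, '->', inScope(s, rules).reason);
```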

Great! Now let's see what is next.

pdp

Petko D. Petkov (pdp), is founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.
