Websecurify

Regular updates about Websecurify free and premium website scanners, proxies, fuzzers and insight knowledge about SQL Injection, Cross-site Scripting and other vulnerabilities

New Share Screen

We couldn't wait until Monday to announce this simple but important feature we have managed to deliver this week. We are talking about the new sharing options available in Resend, Retest, Xmlfuzz and Jsonfuzz. The Share screen provides a quick and simple way to share requests and tests via web links.

Screenshot 01

The best thing is that you can put these links anywhere you like. You can stick them on web pages, documents, spreadsheets, presentations, bug tracking systems, etc, etc, etc. Even more interestingly, these links anonymise the data they contain, meaning that the stuff you want to share never leaves the premises of your browser. This is done by appending the data to the so-called fragment identifier of the URL.

To understand how this works, let's have a look at the URL structure as illustrated below:

http://target/path/to/resource?param=value#data=value
scheme://address/path?query#fragment

Fragment identifiers are used to navigate within the page and are never sent to the web server. When the browser fetches a link like http://target/path/to/resource?param=value#data=value, only http://target/path/to/resource?param=value is requested; #data=value is kept for the browser's internal use and therefore never goes down the wire. This is how we keep the data private to you and out of even our own sight.
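The following is an added example, not Websecurify's code, showing the mechanism described above: a share link is built by placing a JSON payload in the fragment, the payload is read back the way a page script would read window.location.hash, and a third function shows the request target a browser actually sends (path and query only). The base URL http://suite.example/retest, the data parameter name and the sample request object are assumptions made for illustration.

```javascript
// Added example (not Websecurify's code): carry a payload in the URL fragment and
// show what a browser would actually put on the wire. The base URL, the "data"
// parameter name and the sample payload below are assumptions for illustration.

// Encode a request description into the fragment of a share link.
function buildShareLink(baseUrl, payload) {
  const url = new URL(baseUrl);
  // JSON-encode the payload and percent-encode it so the fragment stays a valid URL.
  url.hash = 'data=' + encodeURIComponent(JSON.stringify(payload));
  return url.toString();
}

// Recover the payload from a share link. In a browser the page script would read
// window.location.hash; here a string is parsed so the example runs outside a browser.
function parseShareLink(link) {
  const url = new URL(link);
  const params = new URLSearchParams(url.hash.slice(1)); // drop the leading '#'
  const data = params.get('data');
  return data === null ? null : JSON.parse(data);
}

// The request target a browser sends: path and query only, never the fragment.
function requestTarget(link) {
  const url = new URL(link);
  return url.pathname + url.search;
}

// Constructed sample payload: a request to be retested, as a plain object.
const samplePayload = {
  method: 'GET',
  url: 'http://target/path/to/resource?param=value',
  headers: { 'User-Agent': 'example' },
};

const shareLink = buildShareLink('http://suite.example/retest', samplePayload);
console.log('share link :', shareLink);
console.log('on the wire:', requestTarget(shareLink)); // "/retest" - no payload
console.log('recovered  :', parseShareLink(shareLink));
```

Because the server never sees the fragment, the link itself is the only copy of the data: anyone holding the link, any script running on the page that loads it, and the browser history or bookmarks that store it can all read the payload, so treat the link with the same care as the request it describes.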

We believe that this mechanism opens the Suite to all kinds of new capabilities that will speed up the delivery of secure web applications and also reduce the security overhead. Think about it. There is no need to store any data in textual format or explain how a particular vulnerability works. Once you find the vulnerability you can simply share it in a reusable and re-testable format anybody can understand, repeat and build upon.

The devil is in the details. The devil is in the tools. This is the power of the Suite.

pdp

Petko D. Petkov (pdp), is founder of Websecurify and frontman of the GNUCITIZEN Information Security Think Tank. pdp is a recognized information security researcher, security tools developer, penetration tester, frequent speaker at industry events, and published author who has contributed to several best-selling books in the field of information security.
