ARTICLE OWASP Joomla Vulnerability Scanner v0.0.1 released

Friday 19 June 2009 (Keywords: Application Scanner, Joomla Scanner, OWASP, Vulnerability Scanner)

A regularly updated, signature-based scanner that can detect file inclusion, SQL injection, command execution, XSS, DoS and directory traversal vulnerabilities in a target Joomla! web site.

The following features are currently available.

- Exact version probing (the scanner can tell, for example, whether a target is running version 1.5.9)
- Searching for known vulnerabilities of Joomla! and its components
- Reporting to text and HTML output
- Immediate update capability via the scanner itself or svn

Changes:

- New and improved fingerprinting engine (which can in most cases detect the exact version of Joomla! 1.0.x and 1.5.x)
- Vulnerability database updated through Joomla! 1.5.9
- In the database, removed the substring(@@version,1,1) signatures and employed a simple boolean blind detection approach (1=1 versus 1=2) to bypass IDS that block MySQL-sensitive words in requests
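The last change above swaps keyword-style signatures for a boolean-blind probe pair, which is also what a defender reviewing web logs should look for, since a keyword filter alone will miss it. The following added example (not part of the tool or of the article) parses constructed access-log lines and flags both a keyword-style probe and a 1=1/1=2 pair from one source whose responses differ in size; the log lines, regular expressions and function names are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# Constructed sample access-log lines (not taken from the article).
# The 1=1 / 1=2 pair mirrors the boolean-blind style the changelog describes.
SAMPLE_LOG = """\
10.0.0.5 - - [19/Jun/2009:10:00:01 +0000] "GET /index.php?option=com_content&id=5+and+substring(@@version,1,1)=5 HTTP/1.1" 200 512
10.0.0.5 - - [19/Jun/2009:10:00:02 +0000] "GET /index.php?option=com_content&id=5+and+1=1 HTTP/1.1" 200 4096
10.0.0.5 - - [19/Jun/2009:10:00:03 +0000] "GET /index.php?option=com_content&id=5+and+1=2 HTTP/1.1" 200 120
10.0.0.9 - - [19/Jun/2009:10:00:04 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 4096
"""

LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3}) (\d+)')
# Keyword-style signature: what a naive IDS keyed on MySQL-sensitive words catches.
KEYWORD_RE = re.compile(r'@@version|substring\(|union\s+select|information_schema', re.I)
# Boolean-blind probe: "and 1=1" / "and 1=2" appended to a parameter value.
BOOL_RE = re.compile(r'\b(and|or)\s+1\s*=\s*([12])\b', re.I)


def parse(log):
    """Yield (client_ip, decoded_path, status, response_size) per valid line."""
    for line in log.splitlines():
        m = LOG_RE.match(line)
        if m:
            ip, path, status, size = m.groups()
            yield ip, unquote_plus(path), int(status), int(size)


def find_keyword_probes(log):
    """Requests a keyword filter would flag (the old signature style)."""
    return [(ip, path) for ip, path, _, _ in parse(log) if KEYWORD_RE.search(path)]


def find_boolean_pairs(log):
    """Flag a 1=1 and 1=2 request from the same IP on the same URL, keyed on
    the URL with the boolean clause normalised out; the third field says
    whether the two responses differed in size (the blind-injection tell)."""
    seen = defaultdict(dict)  # (ip, normalised path) -> {"1": size, "2": size}
    hits = []
    for ip, path, _status, size in parse(log):
        m = BOOL_RE.search(path)
        if not m:
            continue
        key = (ip, BOOL_RE.sub("BOOL", path))
        seen[key][m.group(2)] = size
        if len(seen[key]) == 2:
            hits.append((ip, key[1], seen[key]["1"] != seen[key]["2"]))
    return hits
```

Run over the sample, the keyword filter sees only the first request, while the pair detector catches the second and third, whose response sizes differ by an order of magnitude.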

Tool submitted via Twitter by Sebastien Gioria (yes, himself, of the French OWASP local chapter ;)

COMPLIANCE MANDATES

Application Scanner : PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
