Watcher Web Security Scanning tool v1.3.0 available

Watcher (The Open source Web Security Testing Tool and PCI compliancy auditing utility) is a runtime passive-analysis tool for HTTP-based Web applications. It detects Web-application security issues as well as operational configuration issues.

Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more.

Version 1.3

News

  • Watcher 1.3.0 includes checks for the VIEWSTATE vulnerabilities reported in the Trustwave advisory
  • Watcher includes support for OWASP’s Application Security Verification Standard. Version 1.2.0 has been released with documentation describing the Level coverage provided by relevant checks.
  • Microsoft mentions Watcher’s use in SDL compliance testing on their SDL Blog
  • IE8 Security Program Manager and Fiddler author Eric Lawrence announced the Watcher plugin during his talk at MIX09.

Major Features:

  • Passive detection of security, privacy, and PCI compliance issues in HTTP, HTML, Javascript, and CSS
  • Works seamlessly with complex Web 2.0 applications while you drive the Web browser
  • Non-intrusive, will not raise alarms or damage production sites
  • Real-time analysis and reporting - findings are reported as they’re found, exportable to XML
  • Configurable domains with wildcard support
  • Extensible framework for adding new checks

Dependencies

Post scriptum

Compliance Mandates

  • Application Scanner :

    PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Application Scanner
Configurations checks
Vulnerability Scanner
Watcher