[New added] Scanweb2.0: Assessment tool for Web 2.0

In: Application Scanner , scanweb2.0 , Vulnerability Scanner

10 October 2007

canweb2.0 is a set of ruby scripts which can help in assessing Web 2.0 applications. This is a start point for an assessment

Here is a list of things it can do:

Ajaxfinger - It helps in ajax framework fingerprinting, it is possible to identify frameworks like atlas, dojo, GWT etc using this script.

Flashfinger - One can scan a page for RIA component running with Flash and follow-up assessment is possible. It helps in fingerprinting Laszlo framework as well.

Scanajax - It scans for XSS entry points into JavaScripts and Web 2.0 applications. It is possible to trace these points and discover XSS.

Scanatlas - This script will scan page for atlas reference and discover hidden Web Services.

Urlgrep - This script will fetch all JavaScripts and look for hidden URLs residing in Web 2.0 applications.

Post scriptum

Download

Compliance Mandates

Application Scanner :
PCI/DSS 6.3, SOX A12.4, GLBA 16 CFR 314.4(b) and (2), HIPAA 164.308(a)(1)(i), FISMA RA-5, SA-11, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Related Articles

Application Scanner	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : WhatWeb just updated to v0.4.2 29 April 2010 : WhatWeb v0.4.1 - released 28 April 2010 : NSIA (Network System Integrity Analysis) v0.8.99 released 26 April 2010 : Acunetix WVS v6.5 build 20100419 released
scanweb2.0	10 October 2007 : [New added] Scanweb2.0: Assessment tool for Web 2.0
Vulnerability Scanner	12 May 2010 : Complemento v0.7.6 - Collection of Tools 22 April 2010 : OpenSCAP v0.5.9 released 20 April 2010 : Sandcat v4.0 released 15 April 2010 : Nessus v4.2.2 released 9 April 2010 : SARA-7.9.2a the final version released

Copyright Security-Database 2006-2024 - Powered by themself ;).

Facebook rss twitter linkedin mail