Archive for the ‘announcement’ Category

Well Websecurify Runs on The iPhone

|
Comments Off

Posted in announcement, automation, Blog, iphone, scanner, security, testing, websecurify on August 4th, 2011 by pdp

This is not necessarily news anymore since it was discussed on the Websecurify official blog but we are so excited about it that we could not hold ourselves from posting it here too.

The testing engine used in this particular version of Websecurify is optimized to run with the least possible amount of memory. The results of the scanner are as good as those produced by all other Websecurify variants although in some cases it may miss some statistically unlikely types of issues. This is not directly and only applicable to the iPhone version. No! Similar tradeoffs are also present even in standard desktop/server based scanners although they are usually less visible and obscured behind tones of options. The bottom line is that the scanner not only runs natively on the iOS but also works as expected.

Now this is exciting! Websecurify is the first in the world mobile web application testing technology.

If you have any suggestions, recommendations or general feedback please do let us know. You can also participate in the beta test program which will allow you to have a play with tool as we are polishing it for the official release.

The possibilities are endless.

---
recent posts from the gnucitizen network:

Cold, Coffe, Code
The Upcoming Websecurify Mobile
Websecurify 1.0.2 for Windows and Mac has Arrived
A Collage of Websecurify's Evolution
Websecurify's Debute on ITunes and Mac App Stores

Tags: |

Jeriko Group and Source Code Repository

|
No Comments »

Posted in announcement, Blog, jeriko, project on April 28th, 2009 by pdp

Jeriko moved in its own source code repository which you will be able to find here. There is also a discussion group here, if you feel like using it.

The version inside the new code repository is very different from the version you’ve seen before. The main difference is that while the old version is basically a collection of scripts, the new version implements its own shell (wrapper around bash) which does the heavily lifting and also introduces some funky programming mechanisms. For example, now you can create jeriko scripts like this:

#/usr/bin/env jeriko
# do my jeriko commands here
foreach-input | add-targets
generate-scan-batch | run-in-parallel

This is perhaps the simplest possible script you can write but you see that the jeriko shell could turn into a quite powerful feature. The shell is also a good starting point for many penetration testing jobs as it does some environment checking and preconfigures some defaults for you. The other good news is that you don’t have to learn a new programming language. Your bash skills are good for jeriko too.

Just keep in mind that jeriko is merely an experiment. However, I realize that it has already become quite useful for some people. So, if you enjoy playing with bash scripts, and you you feel adventurous, please join us and make this project happen.

---
recent posts from the gnucitizen network:

Cold, Coffe, Code
The Upcoming Websecurify Mobile
Websecurify 1.0.2 for Windows and Mac has Arrived
A Collage of Websecurify's Evolution
Websecurify's Debute on ITunes and Mac App Stores