Firefox extension detects cross-site scripting

High-Tech Bridge SA : 09 October, 2013  (New Product)
Free ImmuniWeb Self-Fuzzer tool for Firefox seeks out Cross-Site Scripting and SQL-injection vulnerabilities

Swiss information security company High-Tech Bridge has launched ImmuniWeb Self-Fuzzer, a free Firefox extension that allows users to detect Cross-Site Scripting and SQL-injection vulnerabilities in their web applications in real time. The add-on does not require any specific skills to use, and demonstrates how rapidly and easily these two most common types of web vulnerabilities can be found even by a person who is not familiar with web security.

ImmuniWeb Self-Fuzzer is not a web application security scanner or crawler, but a real-time web fuzzer. Once a user activates it in the browser, it follows the user's HTTP requests and fuzzes them in real time, carefully checking all HTTP parameters passed within the requests. Fuzzing results are also displayed in real time, notifying the user immediately when a vulnerability is detected.

According to the Web Application Security Forum (WASC), 83% of all websites have at least one serious vulnerability, and Gartner states that successful exploitation of either of these can lead to "the total compromise of the entire local network of an organisation."

XSS and SQL-injection exploits take advantage of very common coding errors in web applications. In both cases user input is allowed via web forms, and that input is passed into the system for processing. Good programming requires that the input is 'sanitised' or filtered before acceptance; that is, any unexpected or unacceptable characters are removed or not allowed.

All too often, however, the filtering process is omitted or inadequate. As a result, hackers are able to use the forms, through careful coding, to input their own commands to the internal database. Typically, for example, they can trick the system into providing an administrator password.
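
The coding error described above, shown beside its corrected form. This is an added example and not code from High-Tech Bridge or ImmuniWeb; the table, accounts and form inputs are constructed, and the corrected versions use parameter binding and output encoding rather than character stripping.

```python
import html
import sqlite3

def make_db():
    """Build an in-memory database with constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, role TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "user", "alice-pw"), ("admin", "administrator", "admin-pw")],
    )
    return conn

def lookup_unfiltered(conn, name):
    # Flawed: form input is pasted into the SQL text, so quote characters
    # in the input change the structure of the query itself.
    query = "SELECT name, password FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()

def lookup_parameterised(conn, name):
    # Corrected: the input is bound as data and can never become SQL syntax.
    return conn.execute(
        "SELECT name, password FROM users WHERE name = ?", (name,)
    ).fetchall()

def greeting_unfiltered(name):
    # Flawed: markup in the input is echoed into the page as live HTML.
    return "<p>Hello, " + name + "</p>"

def greeting_encoded(name):
    # Corrected: <, >, & and quotes are encoded so the browser shows text.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

if __name__ == "__main__":
    conn = make_db()
    sql_input = "nobody' OR '1'='1"            # constructed form input
    html_input = "<script>alert(1)</script>"   # constructed form input
    print("unfiltered lookup:   ", lookup_unfiltered(conn, sql_input))
    print("parameterised lookup:", lookup_parameterised(conn, sql_input))
    print("unfiltered greeting: ", greeting_unfiltered(html_input))
    print("encoded greeting:    ", greeting_encoded(html_input))
```

With the same input, the unfiltered lookup returns every account including the administrator's, while the parameterised lookup returns nothing because no user has that literal name.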

Businesses need to find the flaws before the hackers – something that is frequently beyond the capabilities of SMBs.

But now High-Tech Bridge has launched a new free tool that will do this easily and effectively. It uses real-time fuzzing technology to test any specified web page for XSS and SQL-injection vulnerabilities.

The ImmuniWeb Self-Fuzzer Firefox extension checks the current web page for relevant vulnerabilities. The result is a free, safe, easy-to-use tool that can radically improve the efficiency of independent pentesters and, more particularly, allow SMBs to undertake their own audit for the internet's most common vulnerabilities.

   © 2012 ProSecurityZone.com