Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

Open Source Web Application Fingerprinting Tool

Qualys : 30 July, 2010  (New Product)
BlindElephant from Qualys enables web developers to make static identifications of versions of applications and plugin versions to make sure everything is up to date and running at the right level
Qualys has released BlindElephant, a fast, accurate open source web application fingerprinting engine that identifies application and plugin versions via static files. In conjunction with this release, research is scheduled to be unveiled at Black Hat USA 2010 that describes results from large-scale tests of the tool and shows that many well-known web applications are running dangerously out of date software.

There are many common web applications used for many purposes, such as blogging, forums, e-commerce, database management, email and a myriad of others. By their nature, these applications present special security challenges, and as vulnerabilities are increasingly discovered, it is important to have a reliable way to detect which applications and plugins are present at a site, and if they are running outdated versions. Unlike other web application tools, BlindElephant utilizes a new approach that relies on hashes of static resource files within the application to infer a version number.

"Standard web applications are commonly targeted by attackers and then subverted for malware distribution," said Wolfgang Kandek, CTO of Qualys. "We are releasing the BlindElephant tool as an open source project in order to allow users to protect themselves and monitor their web applications. It is also an initial stepping stone to work with the community to increase the number of fingerprinted web applications."

"BlindElephant is a tool that helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded," said Patrick Thomas, a vulnerability researcher at Qualys and creator of BlindElephant. 'It doesn't check for vulnerabilities or vulnerability to a particular exploit, but rather what version of applications are running on their site.'

BlindElephant was designed for:

* Minimal human effort to support new versions/apps
* Resistance to hardening (banner removal)
* Accuracy and precision to reduce false positives and false negative rates
* Very generic to reuse the same code for all supported applications
* Speed and scalability for use on a large number of applications
* Low resource usage

For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from. Accuracy of the tool was demonstrated by a large-scale survey on Internet-visible hosts. The results of the survey include information on which currently supported web applications are most commonly used and the distribution of versions. The survey focused on some of the most popular open source applications including:

* Drupal (Content Management System)
* Joomla! (Content Management System)
* Mediawiki (Wiki Software)
* Moodle (Virtual Classroom System)
* MovableType (Blogging Software)
* phpBB (Forum Software)
* phpMyAdmin (Database Management Software)
* SPIP (Content Management System)
* Wordpress (Blogging Software)

"The goal of the tool is to provide 'situational awareness,' rather than specific vulnerabilities in an application," added Thomas.
Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo