Jump to content
Fi8sVrs

Yahoo! Launches Free Web Application Security Scanner

Recommended Posts

  • Active Members
Posted

web-application-security-scanner.jpg

Yahoo! has open-sourced Gryffin – a Web Application Security Scanner – in an aim to improve the safety of the Web for everyone.

Currently in its beta, Project Gryffin has made available on Github under the BSD-style license that Yahoo! has been using for a number of its open-sourced projects.

Gryffin is basically a Go & JavaScript platform that helps system administrators scan URLs for malicious web content and common security vulnerabilities, including SQL Injection and Cross-Site Scripting (XSS).

Yahoo! describes Gryffin as a large-scale Web security scanning platform, which is more than just a scanner, as it is designed to address two specific problems:

  1. Coverage
  2. Scale

Scale is obviously implied for large Web, while Coverage has two dimensions –Crawl and Fuzzing.

Crawl's ability is to find as much of the Web application's footprint as possible, whereas Fuzzing involves testing each part of the application's components for an applied set of vulnerabilities.

Gryffin's Crawler is designed to search "millions of URLs" that might be driven by a single template from just one of the URLs to work.

Moreover, the crawler also includes a de-duplication engine for comparing a new page with an existing one and thus allowing it to avoid crawling the same page twice.

Gryffin's Crawler also has PhantomJS, which is used to handle DOM rendering in client-side JavaScript applications.

Gryffin's Requirements

The requirements for Gryffin are as listed below:

  • Go
  • PhantomJS v2
  • The NSQ distributed messaging system
  • Sqlmap for fuzzing SQL injection
  • Arachni for fuzzing XSS and Web vulnerabilities
  • Kibana and Elastic Search for dashboarding

Besides Yahoo!, many major companies have released their own web application vulnerability scanners to make Internet experience safe for users.

Back in February, Google released its own free web application vulnerability scanner tool, dubbed Google Cloud Security Scanner, which potentially scans developers' applications for common security vulnerabilities on its cloud platform more effectively.

Source

  • Upvote 1

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...