Crosscheck Web Services Patent Pending Automated SOA Compliance and Security Assessment

Transcription

1 Pagina 1 di 5 Hacking News Malwares Cyber Attack Vulnerabilities Hacking Groups Spying e.g. Hacking Facebook +1,310, , , m Follow Firing Range Open Source Web App Vulnerability Scanning Tool From Google Thursday, November 20, Wang Wei Reddit Google on Tuesday launched a Security testing tool "Firing Range", which aimed at improving the efficiency of automated Web application security scanners by evaluating them with a wide range of cross-site scripting (XSS) and a few other web vulnerabilities seen in the wild. Firing Range basically provides a synthetic testing environment mostly for cross-site scripting (XSS) vulnerabilities that are seen most frequently in web apps. According to Google security engineer Claudio Criscione, 70 percent of the bugs in Google s Vulnerability Reward Program are cross-site scripting flaws. Crosscheck Web Services Patent Pending Automated SOA Compliance and Security Assessment In addition to XSS vulnerabilities, the new web app scanner also scans for other types of vulnerabilities including reverse clickjacking, Flash injection, mixed content, and cross-origin resource sharing vulnerabilities. Firing Range was developed by Google with the help of security researchers at Politecnico di Milano in an effort to build a test ground for automated scanners. The company has used Firing Range itself "both as a continuous testing aid and as a driver for our development, defining as many bug types as possible, including some that we cannot detect (yet!)." What makes it different from other vulnerable test applications available is its ability to use automation, which makes it more productive. Instead of focusing on creating realistic-looking testbeds for human testers, Firing Range relies on automation based on a collection of unique bug patterns drawn from in-the-wild vulnerabilities observed by Google. Firing Range is a Java application that has been built on Google App Engine. It includes patterns for the scanner to focus on DOM-based, redirected, reflected, tag-based, escaped and remote inclusion bugs. At the Google Testing Automation Conference (GTAC) last year, Criscione said that detecting XSS vulnerabilities by hand at Google scale is like drinking the ocean. Going through the information manually is both exhausting and counter-productive for the researcher, so here Firing Range comes into play that would essentially exploit the bug and detect the results of that exploitation.

2 Pagina 2 di 5 "Our testbed doesn't try to emulate a real application, nor exercise the crawling capabilities of a scanner: it s a collection of unique bug patterns drawn from vulnerabilities that we have seen in the wild, aimed at verifying the detection capabilities of security tools," Criscione explained on the Google Online Security Blog. Firing Range tool has been developed by the search engine giant while working on "Inquisition", an internal web application security scanning tool built entirely on Google Chrome and Cloud Platform technologies, with support for the latest HTML5 features and has a low false positive rate. A deployed version (public-firing-range.appspot.com) of Firing Range is available on Google App Engine and since the tool is open source you can also find and check out the Source code on GitHub. Users are encouraged to contribute to the tool with any feedback. Subscribe to our Free Channel address Invia query LIKE US ON FACEBOOK Like 394,958 people like this. SHARE ON GOOGLE+ TWITTER FACEBOOK Follow 'Wang Wei on Google+, Twitter or Contact via . Cross-Site Scripting, Firing Range Vulnerability Scanner, Google Tools, Hacking Tools, Penetration Testing, Vulnerabilities Scanner, Vulnerability, Vulnerability Assessment, XSS Vulnerability LATEST STORIES Likes Yesterday at 1:25am Let s Encrypt Mozilla, Cisco, and Akamai to offer free HTTPS/SSL certificates for the Entire Web Let s Encrypt A Certificate Authority to Provide Free SSL Certificates for Entire Web Share 1,

3 Pagina 3 di 5 Likes November 18 at 10:41pm Patch your Windows Machine ASAP... Microsoft Releases Emergency update for Fixing Critical Kerberos Bug (MS14-068) Read: Microsoft Releases Emergency Outof-Band Patch for Kerberos Bug MS Share Likes Yesterday at 1:28am Awesome..!! WhatsApp Messenger Enables End-to- End Encryption by Default for its 600 Million Users # security # Whatsapp # privacy # technology #Encryption WhatsApp Messenger Adds End-to- End Encryption by Default WhatsApp Adds End-to-End Encryption by Default to its Android App. Whatsapp boost its privacy and security... Share Likes 5 hrs Billions of # Android Devices Vulnerable to Privilege Escalation Attacks Except the latest Android 5.0 # Lollipop OS. Read More: # Security # tech # technology # infosec # mobile # smartphone # hacking Billions of Android Devices Vulnerable to Privilege Escalation Except Android 5.0 Lollipop THEHACKERNEWS.COM BY WANG WEI Share COMMENTS

4 Pagina 4 di 5 Best DDoS Detection prolexic.com/ddos-detection More Knowledge, More Experience Largest Security Operations Center Windows Automation Tool Site Testing Tools Password Vault Any UI Test Automation StorageCrypt v Start Download Openvpn Popular Stories Spy Planes Equipped with Dirtbox Devices Collecting Smartphone Data Let s Encrypt A Certificate Authority to Provide Free SSL Certificates for Entire Web 81% of Tor Users Can be Easily Unmasked By Analysing Router Information Windows Phone 8.1 Hacked Microsoft Releases Emergency Out-of-Band Patch for Kerberos Bug MS OnionDuke APT Malware served through Tor Network

5 Pagina 5 di 5 WhatsApp Messenger Adds End-to-End Encryption by Default Subscribe to our Free Channel Trending Topics Enter address... Submit #Surveillance #Zero Day #NSA #Cyber Attack #Privacy #Credit Card #Bitcoin #Anonymous #Malwares #Ransomware #Antivirus #Espionage #Facebook #Android Hacking #Encryption #Bug Bounty #Mobile Hacking #DDoS Attack #ios Hacking #Vulnerability About THN Magazine The Hackers Conference Sitemap Advertise on THN Our Authors Submit News Privacy Policy Contact