The toolsmith article covers using Watcher to detect "dubious" comments, cookies missing the HttpOnly flag, open redirects, and overly permissive cross-domain Flash policies, so I won't repeat myself here.
Watcher is also excellent for detecting likely XSS vulnerabilities, and will passively flag prospective injection points (request parameters whose values reappear in the response) while you browse.
As an example, a visit to a site that shall remain anonymous only to those without fundamental Google skills produces the findings in Figure 1, generated by Watcher as it passively reviews the site against its 37 checks.

Figure 1
Note that Watcher spots what it declares to be a potentially high-severity user-controllable HTML element attribute. Watcher further indicates that the value attribute of the fourth input tag reflects the keyword parameter. A quick "active" test by the author (resubmitting the parameter with a probe value and checking how it comes back) validates Watcher's assumption, as seen in Figure 2.

Figure 2
Passive security auditing indeed; no effort required!
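To make the two halves of that workflow concrete, here is an added example (my own code, not Watcher's, and not from the site in the figures) that reproduces the idea behind a user-controllable-attribute check: parse a response body we already have, record every element attribute that contains a request parameter value, then confirm a hit actively by resending the parameter with a quote in it and seeing whether the quote survives unencoded. The search page, the parameter name `keyword`, the probe string and the reflection threshold are all constructed for the example.

```python
"""Passive user-controllable-attribute check with an active confirmation.

Added example, not Watcher's code. The page under test, its ?keyword=
parameter and the probe value are constructed here so it runs offline.
"""

import html
from html.parser import HTMLParser
from urllib.parse import parse_qs, urlencode, urlsplit, urlunsplit

# Assumption: values shorter than this reflect by coincidence too often
# ("en" shows up inside type="hidden"), so the passive pass ignores them.
MIN_REFLECT_LEN = 4

# Assumption: a double quote is the character that matters inside a
# double-quoted attribute value; if it comes back raw, the attribute
# can be closed and the context escaped.
PROBE = 'wtchr"xyz'


class AttributeReflectionFinder(HTMLParser):
    """Record element attributes whose value contains a request parameter value."""

    def __init__(self, params):
        super().__init__()
        self.params = params          # query name -> list of values
        self.findings = []
        self._ordinal = {}            # tag name -> count seen so far (1-based)

    def handle_starttag(self, tag, attrs):
        self._ordinal[tag] = self._ordinal.get(tag, 0) + 1
        for attr, value in attrs:
            if not value:
                continue
            for name, values in self.params.items():
                for v in values:
                    if len(v) >= MIN_REFLECT_LEN and v in value:
                        self.findings.append({
                            "tag": tag,
                            "ordinal": self._ordinal[tag],   # e.g. 4th <input>
                            "attribute": attr,
                            "param": name,
                        })


def passive_check(url, body):
    """Passive: inspect a request/response pair already captured while browsing."""
    params = parse_qs(urlsplit(url).query)
    finder = AttributeReflectionFinder(params)
    finder.feed(body)
    return finder.findings


def with_param(url, name, value):
    """Return url with query parameter `name` set to `value`."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    query[name] = [value]
    return urlunsplit(parts._replace(query=urlencode(query, doseq=True)))


def active_check(fetch, url, param):
    """Active: resend `param` with PROBE and classify how it is reflected.

    `fetch` is any callable mapping a URL to a response body. The raw body
    is searched (not the parsed DOM) because the parser would unescape
    &quot; and hide the difference between encoded and unencoded output.
    """
    body = fetch(with_param(url, param, PROBE))
    if PROBE in body:
        return "unencoded"       # quote landed raw in the page: likely XSS
    if html.escape(PROBE, quote=True) in body:
        return "encoded"         # reflected, but neutralised
    return "not reflected"


def vulnerable_search_page(url):
    """Constructed stand-in for the site in the post: 4th <input> reflects ?keyword= raw."""
    keyword = parse_qs(urlsplit(url).query).get("keyword", [""])[0]
    return f"""<html><body>
<form action="/search">
<input type="hidden" name="lang" value="en">
<input type="hidden" name="page" value="1">
<input type="checkbox" name="exact" value="yes">
<input type="text" name="keyword" value="{keyword}">
<input type="submit" value="Search">
</form>
<p>Results for {html.escape(keyword)}</p>
</body></html>"""


def fixed_search_page(url):
    """Same constructed page with the attribute value properly encoded."""
    keyword = parse_qs(urlsplit(url).query).get("keyword", [""])[0]
    return vulnerable_search_page(url).replace(
        f'value="{keyword}"', f'value="{html.escape(keyword, quote=True)}"')


if __name__ == "__main__":
    url = "http://example.test/search?keyword=watcher&lang=en"   # constructed URL
    for finding in passive_check(url, vulnerable_search_page(url)):
        print("passive:", finding)
    print("active (vulnerable):", active_check(vulnerable_search_page, url, "keyword"))
    print("active (fixed):     ", active_check(fixed_search_page, url, "keyword"))
```

The passive pass flags the fixed page just as readily as the vulnerable one, because a correctly encoded reflection is still user-controllable content; that is why Watcher reports "potentially" and why the quick active probe is worth the extra request before the finding goes on the work list.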
Results are easily exported as well.
Browse a client site while enjoying a good sandwich and coffee, dump the results, and build your work list as a preliminary recon step for your next penetration testing engagement.
Enjoy this excellent tool; use it in good stead.
Cheers.
Please support the Open Security Foundation (OSVDB)
3 comments:
You might want to obscure the URL a little better next time, that page name is a googledork...
/olle
"As an example, a visit to a site that shall remain anonymous"
The page name is giving the website in a simple google search. I know you can't stop someone that would really want to find it but you should make it at least a little more difficult ;-)
Nice post btw.
Nothing eludes you, dear readers. Yes, that was barely anonymized.
Please consider it minimalist CYA effort.
I updated the referring language accordingly.
Cheeky monkeys. ;-)