Web application security expert Shreeraj Shah published three new security tools that should help in assessment and audit of Web 2.0 applications.
wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool is having following utilities:
- Discovery tool – By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern.
- Vulnerability detection – It is possible to enumerate and profile Web Services using this tool and one can follow it up by auto auditing (.NET only). .NET proxy gets dynamically created for audit module. One can do vulnerability scan for data type, SQL injections, LDAP/Command injections, Buffer checks,
- Bruteforing SOAP etc. It is also possible to leverage regex patterns for SOAP analysis.
- Fuzzing – This tool helps in fuzzing different Web 2.0 streams like SOAP, XML-RPC, REST, JSON etc. This module helps in assessing various different Web Services.
- UDDI scan – It is possible to scan UDDI servers using this tool for footprinting and discovery of Web Services.
Scanweb2.0 is a set of ruby scripts which can help in assessing Web 2.0 applications. This is a start point for an assessment. Here is a list of things it can do:
- Ajaxfinger – It helps in ajax framework fingerprinting, it is possible to identify frameworks like atlas, dojo, GWT etc using this script.
- Flashfinger – One can scan a page for RIA component running with Flash and follow-up assessment is possible. It helps in fingerprinting Laszlo framework as well.
- Scanatlas – This script will scan page for atlas reference and discover hidden Web Services.
AppMap is very simple tool which runs against MSN using Web APIs over SOAP. It is a desktop based mashup application. One can do following things using it:
- Application host footprinting – It uses ip switch to identify virtual hosts.
- Application domain footprinting – It uses combination of site, inurl and linkdomain switches for fetching domain and crossdomain applications belongs to one parent domain.
- Application crawling – It fetches all links belong to an application from MSN
- Application fetching and searching – It runs rule based queries against MSN.
- One can build a set of rules and fetch the vulnerable URLs from MSN for a target application.