Brakeman is a Rails security scanner – unlike many web security scanners, Brakeman looks at the source code of your application. This means you do not need to set up your whole application stack to use it. Once Brakeman scans the application code, it produces a report of all security issues it has found. It […]
Archives for 2014
Facebook Allows Tor Access To Site
Facebook started out blocking users of the Tor network in 2013, but have recently had a change of mind and now Facebook allows Tor access to the site even providing a special .onion address for users of the network to directly connect to Facebook infrastructure. It’s an interesting decision as many of the Facebook ‘security […]
ZMap – Fast Open-Source Network Scanner
ZMap is a fast open-source network scanner designed for Internet-wide network surveys. On a typical desktop computer with a gigabit Ethernet connection, ZMap is capable scanning the entire public IPv4 address space in under 45 minutes. While previous network tools have been designed to scan small network segments, ZMap is specifically architected to scan the […]
Serious Linux/UNIX FTP Flaw Allows Command Execution
A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client It’s a fairly unlikely set of circumstances however, and it […]
Arachni v1.0 Released – Web Application Security Scanner Framework
Arachni is an Open Source, feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of web applications. It is smart, it trains itself by monitoring and learning from the web application’s behaviour during the scan process and is able to perform meta-analysis using a number of factors in order […]