Websecurify – Free Web Application Vulnerability Scanner

Posted by rajivvishwa on April 2, 2010

Websecurify is a powerful web application security testing environment designed from the ground up to provide the best combination of automatic and manual vulnerability testing technologies. This tool automatically identifies web application vulnerabilities by using advanced discovery and fuzzing technologies.

Websecurify is available on the major OS platforms – Windows, Mac and Linux. It's even available as a Chrome extension.

Post Updated:

  • Target site that requires authentication
  • Info on Chrome Plugin

Websecurify Scan in Progress

Running the Scanner

Initiating a scan with Websecurify is simple and is achieved in 2-3 steps.

1. Select ‘Start new automated test’, then enter the workspace name and the target application URL.

Start Scan

2. If the application requires login, select ‘login or initialize target’. This opens the browser and asks you to enter the credentials. Close the browser window after login. (This step is optional.)

Authenticate

You should now be authenticated to the application. After the post-login pages are displayed, close the Websecurify browser window.

Post Login Page

3. Click on ‘Ok’ to start the scan :)

Scan in Progress

Once the Scan is Complete

Once the scan is complete, the results are displayed, sorted by the severity of the vulnerabilities discovered. Clicking on a category displays the instances found and the technical details of the analysis.

Issues List

Scan results can be rendered in a report format by clicking on the Report tab and can be exported in CSV, HTM, XML and JSON formats.

Websecurify Report

Comments/Observations

1. A scan was initiated for an average-sized application during evaluation of Websecurify, and the following were identified:
2. Memory consumption was increasing with time, but it's far better than many other free/commercial scanners.
3. Progress of the scan was normal till it reached almost 97% (in around 2 hrs), then it stayed in 97-98 and back to 97 for a loooong time. So I had it running and checked it the next day.
4. This tool doesn’t provide the statistics of the scan, like pages crawled, time consumed, etc.
5. This tool has the simplest interface of all the other tools available in the market.

Chrome Extension

Websecurify has a Chrome extension too. Once installed, we can initiate the scan from within Chrome.

Scan from Chrome

The test report can be displayed on a new page once the scan is complete.

Chrome Test Report

https://chrome.google.com/webstore/detail/emclbdbpcnhmopfkidjhlinikkohlkpn#

Websecurify Logo

Websecurify Info

  • App Name: Websecurify
  • License: free
  • Type:
  • App URL: Download
  • More Info: link

    • Kavitha

      hi,

      Your current information is useful and need some more clear data regarding the usage, how to run, use. What are the requisites etc……..

      • rajivvishwa

        Hi Kavitha, I’ve updated the post with some more information on initiating the scan, if that might help you. As for the requisites, you just need the target application’s URL on which the security scan needs to be performed (that's what you will require for running any blackbox scanner). Let me know if you have any more questions.
