Geneva, 8 October, 2013, Swiss information security company High-Tech Bridge has launched ImmuniWeb® Self-Fuzzer, a free Firefox extension that allows users to detect Cross-Site Scripting and SQL-injection vulnerabilities in their web applications in real time. The add-on does not require any specific skills to use, and demonstrates how rapidly and easily these two most common types of web vulnerabilities can be found even by a person who is not familiar with web security.
ImmuniWeb Self-Fuzzer is not a web application security scanner or crawler, but a real-time web fuzzer. Once activated by a user in the browser, it follows the user’s HTTP requests and fuzzes them in real time, carefully checking all HTTP parameters passed within the requests. Fuzzing results are also displayed in real time, notifying the user immediately when a vulnerability is detected.
According to the Web Application Security Forum (WASC), 83% of all websites have at least one serious vulnerability, and Gartner states that successful exploitation of either of these can lead to "the total compromise of the entire local network of an organisation."
XSS and SQL-injection exploits take advantage of very common coding errors in web applications. In both cases user input is allowed via web forms, and that input is passed into the system for processing. Good programming requires that the input is 'sanitised' or filtered before acceptance; that is, any unexpected or unacceptable characters are removed or not allowed.
All too often, however, the filtering process is omitted or inadequate. As a result, hackers are able to use the forms, through careful coding, to input their own commands to the internal database. Typically, for example, they can trick the system into providing an administrator password.
Businesses need to find the flaws before the hackers – something that is frequently beyond the capabilities of SMBs.
But now High-Tech Bridge has launched a new free tool that will do this easily and effectively. It uses real-time fuzzing technology to test any specified web page for XSS and SQL-injection vulnerabilities.
The ImmuniWeb Self-Fuzzer Firefox extension checks the current web page for relevant vulnerabilities. The result is a free, safe, easy-to-use tool that can radically improve the efficiency of independent pentesters and, more particularly, allow SMBs to undertake their own audit for the internet's most common vulnerabilities.
The ImmuniWeb® Self-Fuzzer is downloadable here: https://addons.mozilla.org/en/firefox/addon/immuniweb-self-fuzzer/
White Paper and How To:
The ImmuniWeb Self-Fuzzer is free.
About High-Tech Bridge
High-Tech Bridge SA is a leading provider of information security services, such as penetration testing, network security auditing, consulting and computer crime forensics. In 2012 Frost & Sullivan recognised High-Tech Bridge as one of the market leaders and best service providers in the ethical hacking industry. High-Tech Bridge devotes significant resources to information security research. High-Tech Bridge Security Research Lab has helped software vendors improve the security of their products, including Microsoft, IBM, Novell, McAfee, Sony, HP, Samsung, OpenOffice, Corel, OpenX, Joomla, WordPress, UMI.CMS, and hundreds of others.
The company has recently introduced ImmuniWeb®, a Software-as-a-Service (SaaS) ethical hacking solution for web applications.
High-Tech Bridge is on the Online Trust Alliance (OTA) 2013 Online Trust Honor Roll for demonstrating exceptional data protection, privacy and security in an effort to better protect their customers and brand. For High-Tech Bridge this is the second consecutive nomination for this prestigious global award, which the company already received in 2012.