[WEB SECURITY] OWASP Joomla! Vulnerability Scanner August 18, 2009 Update Release

YGN Ethical Hacker Group (http://yehg.net) lists at yehg.net
Thu Aug 20 19:08:31 EDT 2009


Hi all

Here it goes again:


Changes:

- updated fingerprinting signatures up to current Joomla! version 1.5.14
- updated vulnerability information up to August 18, 2009

- Implemented 200 defense bypass

  This bypasses web servers which respond with 200 for every 404, which
  makes the scanner produce very noisy reports full of false positives.
  200 defense can render most of today's scanners useless.

- Added more Joomla!-based firewall detection
- Refined HTML reporting with extremely-easy-to-deploy excellent cross-browser graphing functionality (Thanks, jscharts.com)
- Added a beep sound after finishing the scanning. It acts like an alarm - "Scanning's over. Look at the result!"


NOTE
======
This release has an agreement to sign.
You will have to run it once and sign it. Or else this will break your
automatic scanning if you've been using it.


HOW TO UPDATE
===============
SVN checkout is always recommended over checking from the scanner, which is
good for new database updates and slight changes in the scanner itself.

svn co https://joomscan.svn.sourceforge.net/svnroot/joomscan/trunk joomscan



WEB INTERFACE
==============
You can get the web interface at
http://hackertarget.com/joomla-security-scan/.

I don't have any affiliation with hackertarget.com.
I'm not responsible for any damages you get from using hackertarget.com's.


=====================================================================

Please do report any errors you may experience.
Thanks for using it.
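
The "200 defense" problem from the change list above, as an added example that is not part of the original post and not joomscan's own code: it calibrates against random paths that cannot exist, then counts a 200 as a real hit only when the body differs from that baseline. The function names, `example.test`, the `com_example` probe path and both fake servers are constructed for illustration.

```python
import difflib
import uuid

def _normalize(body, path):
    # Error pages often echo the requested path; drop it before comparing.
    return body.replace(path, "")

def calibrate(fetch, base, samples=3):
    """Request random paths that cannot exist. Bodies returned with status
    200 become the soft-404 baseline; an empty list means honest 404s."""
    baseline = []
    for _ in range(samples):
        path = f"/{uuid.uuid4().hex}.php"
        status, body = fetch(base + path)
        if status == 200:
            baseline.append(_normalize(body, path))
    return baseline

def path_exists(fetch, base, path, baseline, threshold=0.9):
    """A 200 only counts if the body differs from every baseline page."""
    status, body = fetch(base + path)
    if status != 200:
        return False
    body = _normalize(body, path)
    return all(
        difflib.SequenceMatcher(None, body, b, autojunk=False).ratio() < threshold
        for b in baseline)

# Constructed stand-ins for an HTTP client (no network access).
BASE = "http://example.test"

def soft404_fetch(url):
    path = url[len(BASE):]
    if path == "/administrator/index.php":
        return 200, "<html><title>Administration</title><form>login form</form></html>"
    return 200, f"<html><h1>Sorry</h1><p>The page {path} could not be found.</p></html>"

def honest_fetch(url):
    path = url[len(BASE):]
    return (200, "<html>admin</html>") if path == "/administrator/index.php" else (404, "")

def scan(fetch, paths):
    baseline = calibrate(fetch, BASE)
    return [p for p in paths if path_exists(fetch, BASE, p, baseline)]

if __name__ == "__main__":
    probes = ["/administrator/index.php", "/components/com_example/missing.php"]
    print(scan(soft404_fetch, probes))
```

A status-code-only check would report both probe paths as present on the soft-404 server; the baseline comparison keeps only the page whose content differs from the error template.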
