
Submission Summary: 0 pending, 3 declined, 2 accepted (5 total, 40.00% accepted)

Submission + - Hackers Unveil A New Way of Visualizing Web Vulnerabilities at DEF CON 21

punk2176 writes: Hacker and security researcher Alejandro Caceres (developer of the PunkSPIDER project) and 3D UI developer Teal Rogers unveiled a new free and open source tool at DEF CON 21 that could change the way that users view the web and its vulnerabilities. The project is a visualization system that combines the principles of offensive security, 3D data visualization, and "big data" to allow users to understand the complex interconnections between websites. Using a highly distributed HBase back-end and a Hadoop-based vulnerability scanner and web crawler, the project is meant to improve the average user's understanding of the unseen and potentially vulnerable underbelly of web applications that they own or use. The makers are calling this new method of visualization web 3.0.

A free demo can be found here, where users can play with and navigate an early version of the tool via a web interface. More details can be found here and interested users can opt-in to the mailing list and eventually the closed beta here.
Security

Submission + - The PunkSPIDER Project Controversy (theregister.co.uk) 1

punk2176 writes: "Recently I started a free and open source project known as the PunkSPIDER project and presented it at ShmooCon 2013. If you haven't heard of it, it's, at heart, a project with the goal of pushing for improved global website security. In order to do this we built a Hadoop distributed computing cluster along with a website vulnerability scanner that can use the cluster. Once we finished that we open sourced the code to our scanner and unleashed it on the Internet. The results of our scans are provided to the public for free in an easy-to-use search engine. The results so far aren't pretty.

In short, after having found tons of vulnerabilities, we've been blowing up. Social media users either love or hate us. Critics have been claiming that the results of our scans can be used for evil by script kiddies. We argue that these results will, more importantly, be used by website owners to check the security of their own websites or website users to check the security of sites to which they entrust their sensitive data. Due to the controversy around the project, The Register asked us for our response and published an article about it. I'm curious to see what the Slashdot community thinks — do you think we are doing the right thing?"
