


Security scanner component for SimpleTest module


Automated XSS scan of your Drupal website through Simpletest.

This project is based on the SimpleTest library, which was developed for unit and browser testing of PHP code. SimpleTest is a framework for automated code checking, and it has a browser component that can simulate users entering form data or retrieving certain URLs. Within Drupal there is a team focused on the development of this recent module. Based on the results presented in GHOP (http://code.google.com/p/google-highly-open-participation-drupal/issues/...) concerning penetration testing, I would add a vulnerability analysis test for SQL injection and cross-site scripting.
This project is inspired by the scanner developed within Yahoo by Rasmus Lerdorf to detect vulnerabilities in web applications, but that scanner is not open source.
Existing tools such as code-checker.php and the Coder module are based on searching the code with regular expressions, but no tool exists that simulates such attacks to detect vulnerabilities.

How to use it
The module runs from the cron.php page. To run it, activate the security scanner and xss injector modules from the modules page of your Drupal installation. Then back up your database. After doing so, set "Crawl" on the security scanner settings page and add your own pattern.
Then run cron.php; it will take a while (about 100 seconds for me with a default Drupal installation and all modules active).
After that, start seeding: go back to the security scanner settings page, check "Seed", save the settings and re-run cron.php. At this point, your Drupal installation will be full of seeds. You can search for vulnerabilities by browsing your website, or you can have the scanner do it for you by running cron.php again after setting "Checking seeds" on the settings page of the security scanner. If there are vulnerabilities, they appear as warnings at the top of your web page after running cron.php the third time. Restore your database backup at the end of this process.

For those who want to help, the new Security Scanner Group (http://groups.drupal.org/security-scanner-component) is the right place.


Publisher: Dario Ghilardi | License: Freeware | Price: 0.00
Version: 6.x-1.0 | Size: 20 KB | Platform: PHP, Scripts
Released Date: 23-06-2013 | Rating: 0 | Title: Security scanner component for SimpleTest module

Author Url: http://drupal.org
Program Info Url: http://drupal.org
Download Url: http://ftp.drupal.org/files/projects/security_scanner-6.x-1.0.tar.gz
