Yahoo! Launched its own Web Application Security Scanner
Gryffin, the web application security scanner by Yahoo! is now open source for the purpose to improve the safety on the web for every user.
The Project Gryffin is in its beta and the project is available on Github under the BSD-style licence.
Gryffin helps system administrator to scan URLs containing the malicious content and other security vulnerabilities, it also include SQL Injections and Cross Site Scripting (XXS). Gryffin is built on the Go and JavaScript platform.
According to Yahoo! Gryffin is not only the scanner, it is a large scale web security platform which is designed to report two precise problems namely Scale and Coverage.
Here Scale is assumed for large Web while the Coverage has two dimensions – crawl and Fuzzing.
Gryffin’s Crawl has the ability to find the Web application’s footprint as many as possible. It is designed in a way that it could search between the millions of URLs may be goaded by a single template from just one of the URLs to work.
Also the Crawler is embraces with de-duplication engine, which compares a new page with the already existing page and ultimately allow it to crawl the same page twice.
It also has PhantomJS, so it can also handle the DOM rendering in client-side JavaScript.
Requirements for Gryffin:
- Go (the programming language)
- PhantonJS v2
- The distributed messaging system of NSQ,
- For dash boarding (Kibana and Elastic search),
- For the fuzzing of XSS and web vulnerabilities Archani is required,
- SQL Map for fuzzing SQL injections.
Not only the Yahoo! Many other leading companies are making the efforts to make the internet more safer place by launching their own Web vulnerability scanners. For example, In February this year Google launched its own web application vulnerability scanner tool named as Google Cloud Security Scanner, which is made to scan developer’s application for security vulnerability on its cloud platform more effectively.
Have something to add Yahoo! Web Application Security Scanner ? Please add in comments.
Follow us on Facebook, Google Plus and Twitter to get more Tech News and reviews.