DefenseCode Web Security Scanner - Community Edition, Free of Charge

tedjames Member Posts: 1,182
This came to me via the Websecurity Digest. Anybody use this? Since the free version is meant for personal and non-commercial use only, I guess you could use it to learn.

DefenseCode is pleased to announce that we are giving away a Community
Edition of our DefenseCode Web Security Scanner v2.0 absolutely free of
charge for personal and non-commercial use
(https://www.defensecode.com/webscanner.php).

DefenseCode Web Security Scanner is a DAST (Dynamic Application Security
Testing) product for testing security of live web sites and web
applications. All security scanning and vulnerability detection features
available in the full (Pro) version of DefenseCode Web Security Scanner
are also available in the Community Edition. There are no limitations in
vulnerability detection.

You will be able to scan for SQL Injection, Blind SQL Injection, Cross
Site Scripting, Command Execution, Path Traversal, Code Injection, HTTP
Response Splitting and 50 other vulnerability types including OWASP TOP
10 and thousands of CVE described vulnerabilities. Moreover, DefenseCode
Web Security Scanner will even detect if there is some sort of WAF
(Web Application Firewall) in front of the web site that you are scanning.

DefenseCode Web Security Scanner can be used regardless of the web
application development platform. Web Security Scanner supports major
web technologies such as HTML, HTML5, Web 2.0, AJAX/jQuery, JavaScript
and Flash. DefenseCode Web Security Scanner supports security testing of
HTTP GET requests, HTTP POST requests, HTTP Cookies, HTTP Headers, JSON
and XML formatted HTTP requests.

Although DefenseCode Web Security Scanner can be easily used as
click-and-run tool, it is also easily configured for advanced security
testing. You can configure a number of collected links, depth of scan,
number of threads, custom 404 pages, scanning exclusions, vulnerability
types that you want to scan for and many more.

Beside straightforward security scans, there is also a possibility to
set post-authentication web security scanning. DefenseCode Web Security
Scanner supports web based authentication with Basic, Digest and NTLM
authentication, Client SSL Cert authentication, custom cookie
authentication and complete authentication process recorder for HTML
form based authentication. Within DefenseCode Web Security Scanner there
is also an HTTP Proxy incorporated for recording much more complicated
login procedures.

Along with the web security scanning capabilities there are also
additional security tools like HTTP Request Composer, Authentication
Tester, URL Fuzzer and Authentication Recorder.

Best of all, we are providing the Community Edition of the product
absolutely free of charge as long as it is for non-commercial and
personal use.

You can download the DefenseCode Web Security Scanner Community Edition
here: https://www.defensecode.com/webscanner.php (at the bottom of the
page).

Regards,
DefenseCode Team
www.defensecode.com

Comments

  • infosecs Member Posts: 48
    nice, thank you for posting it here.
  • soccarplayer29 Member Posts: 230
    How does this compare to the other web application scan tools (e.g., burp)?
    Certs: CISSP, CISA, PMP
  • chrisone Member Posts: 2,278
    Very cool! Thanks for sharing!
    Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
    2023 Cert Goals: SC-100, eCPTX
  • SaSkiller Member Posts: 337
    Limited use cases as non-commercial use pretty much limits it to use in your lab and websites you use but don’t make money off of/with.

    Anyway, I’ve never heard of them. YouTube only shows two videos on the product, both by the company with crappy music. They seem to be blind in what I would want to see in a product demo. Looks a bit like Nessus. I have my doubts it can currently compete with other tools.
    OSWP, GPEN, GWAPT, GCIH, CPT, CCENT, CompTIA Trio.
  • coffeeluvr Member Posts: 734
    Thanks for sharing..
    "Something feels funny, I must be thinking too hard. - Pooh"
  • scaredoftests Mod Posts: 2,780
    Cool..
    I will have to look into that...
    Never let your fear decide your fate....