Grendel Scan 1.0: Automatic Security Check for Web Applications
Grendel Scan version 1.0, a Web application testing tools, was introduced at the Defcon Security Conference in Las Vegas.
The Open Source tool was implemented in Java and is thus available for a variety of platforms. It uses Java components from the Apache project, Mozilla's Rhino Javascript engine, and the database from the free Nikto scanner.
Grendel Scan can run as a proxy between the browser and the website under investigation to allow the tester to view and manipulate the HTTP traffic. The application covers a wide selection of tests including cross-site scripting (XSS), cross-site request forgery (CSRF), SQL injection, and session management vulnerabilities.
A Powerpoint presentation by the developers provides a useful overview of Grendel Scan's features.
Grendel Scan's makers, David Byrne and Eric Duprey, point to the fact that their software automates tests for trivial vulnerabilities as one of the major benefits. This helps qualified security staff to save time more usefully spent performing more complex manual tests. According to the developers, the tool does not remove the need for individual security tests and code reviews, which are still necessary to guarantee the security of any Web application. For example, a tool like Grendel Scan is unable to detect vulnerabilities in the application's logic or design.
There is no need to resolve any dependencies, apart from Java 5, for the GPLv3 licensed tool. The project's download page offers the Grendel Scan 1.0 source code along with builds for Linux, Windows, and Mac OS X. On top of this, there is a Slax-based live CD with the scanner and a flawed Web application for demonstration purposes. The ISO image still uses Grendel Scan version 0.9, however.
Issue 252/2021
Buy this issue as a PDF
News
-
Canonical Extends Support For Ubuntu 14.04 and 16.04
The company behind Ubuntu offered a much-needed lifeline to those who still depend on older versions of the open-source operating system.
-
GNOME 41 Has Arrived
The latest version of the GNOME desktop environment has been released with new functionality and plenty of improvements.
-
System76 Updates the 15" Pangolin with Ryzen
System76 announced they’re updating the Ryzen-powered Pangolin laptop to meet today’s need for more power.
-
KDE Plasma 5.23 Promises Plenty of Subtle Improvements
The next release of the KDE Plasma desktop includes new features, numerous improvements, and plenty of bug fixes.
-
GNOME 41 Beta is Now Available
The most popular open-source desktop environment is on the cusp of yet another new release, but don’t expect the massive changes found in the previous iteration.
-
Debian 11 “Bullseye” Now Available
The developers of Debian have released the latest version of the operating system so many distributions depend on.
-
Elementary OS 6 Odin Now Available
The developers of elementary OS have released their latest iteration which is all-in on Flatpaks and all about the user experience.
-
Kubuntu Focus Team Announces High-Performance Focus XE
The team behind the KDE-powered Linux laptops is now offering an ultra-portable laptop that doesn't skimp on performance.
-
Solus 4.3 Available for Download and Installation
The latest iteration from the Solus developers is out with kernel 5.13 and plenty of new features, bug fixes, and new hardware support.
-
Steam Deck Linux-Powered Gaming System Set to Take Over the Handheld World
A Linux and KDE-powered portable gaming platform is set to be released by Valve.