Using Watcher to make pen testing more efficient

The Watcher session was basically a sales pitch and demo for the Watcher tool, though it's a free tool so "sales pitch" is not exactly right. Watcher is an open source tool that sites inside of Fiddler which is a web proxy useful for debugging web applications.

The application is a windows only tool.

So, I left the room and went to see Social Media Zombies next door. I'm sure Fiddler and Watcher is pretty awesome, but Grendel is actually cross platform so it's much more interesting to me.

Basically they create a bot and control it with twitter. Turns out, this was actually used for evil after it was initially launched. Further, it's possible to use Facebook, Wave, MySpace, etc. to run XSS and get access to your private data. Overall, quite an interesting presentation with more good resources at Digi Ninja and Social Media Security.

The Book, The Report

Cracking Drupal: A Drop in the Bucket

Written by a Drupal expert, this is the first book to reveal the vulnerabilities and security issues that exist in the sites that have been built with Drupal and how to prevent them from continuing.

Drupal Security White Paper

Curious about Drupal's security? Consider Drupal but want to make sure it's good enough? Read the Drupal Security Report

Security Review Module

If you are concerned about whether your site is secure, consider using the Security Review Module to get a free review of your site's security health. Did it find problems? Consider hiring a security expert from Drupal Scout to audit your site.

Recent Blog Posts

Improvements to Security in Drupal 7

Posted by greggles

0 comments
Why counting vulnerabilities is not a sufficient method of comparing product security

Posted by greggles

0 comments
Notes from Linux Security Tunables by Kees Cook

Posted by greggles

0 comments