OWASP Scrubbr


Topic: Miscellaneous 10:15 am EST, Feb 23, 2009

What is Scrubbr?

Scrubbr is a BSD-licensed database scanning tool that checks numerous database technologies for the presence of possible stored cross-site scripting attacks. The tool was partially inspired by "Scrawlr", a trimmed-down version of HP's WebInspect which was released for free after the so-called "asprox" mass-SQL injection bot exploited hundreds of thousands of insecure ASP sites.

If you can tell Scrubbr how to access your database, it will search through every field capable of holding strings in the database for malicious code. If you want it to, it will search through every table, every row, and every column. This will be very slow on large enterprise databases, but it's very useful to have assurance that there is no malicious data anywhere in the system.
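An added illustration of the approach described above (example code written for this post, not Scrubbr's own code): a Python scanner that walks every table, every string-typed column and every row of a SQLite database and flags cells matching common stored-XSS signatures. The tables and rows are constructed sample data; the signature list is a heuristic, not a full HTML parser.

```python
import re
import sqlite3

# Heuristic signatures for HTML/JavaScript injected into data that should be plain text.
XSS_PATTERNS = [
    re.compile(r"<\s*script\b", re.I),                                  # <script ...>
    re.compile(r"<\s*iframe\b", re.I),                                  # <iframe ...>
    re.compile(r"\bon(?:load|error|click|mouseover|focus|blur)\s*=", re.I),  # event handlers
    re.compile(r"javascript\s*:", re.I),                                # javascript: URLs
]

def q(identifier):
    """Quote a table/column name so it is safe to splice into SQL text."""
    return '"' + identifier.replace('"', '""') + '"'

def string_columns(conn, table):
    """Return the columns of `table` whose declared type can hold text (SQLite affinity rules)."""
    cols = []
    for _cid, name, decl_type, *_ in conn.execute(f"PRAGMA table_info({q(table)})"):
        t = (decl_type or "").upper()
        if "CHAR" in t or "CLOB" in t or "TEXT" in t or t == "":
            cols.append(name)
    return cols

def scan_database(conn):
    """Walk every table, every string column, every row; return (table, column, rowid, pattern)."""
    findings = []
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type='table' AND name NOT LIKE 'sqlite_%'")]
    for table in tables:
        cols = string_columns(conn, table)
        if not cols:
            continue
        col_list = ", ".join(q(c) for c in cols)
        for rowid, *values in conn.execute(f"SELECT rowid, {col_list} FROM {q(table)}"):
            for col, value in zip(cols, values):
                if not isinstance(value, str):
                    continue
                for pat in XSS_PATTERNS:
                    if pat.search(value):
                        findings.append((table, col, rowid, pat.pattern))
                        break  # one finding per cell is enough
    return findings

def build_sample_db():
    """Constructed sample: an in-memory DB with one tainted row in each of two tables."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, bio VARCHAR(200))")
    conn.execute("CREATE TABLE comments (id INTEGER PRIMARY KEY, body TEXT, posted INTEGER)")
    conn.executemany("INSERT INTO users (name, bio) VALUES (?, ?)",
                     [("alice", "likes <b>bold</b> text"), ("mallory", "<img src=x onerror=alert(1)>")])
    conn.executemany("INSERT INTO comments (body, posted) VALUES (?, ?)",
                     [("Nice post!", 1), ('see <script src="http://example.invalid/x.js"></script>', 2)])
    return conn
```

Benign markup such as `<b>` is not flagged, so a hit is worth a manual look rather than an automatic delete; on a large database, scan table by table or off a replica, as the post warns about speed.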

This is a sexy idea. Major kudos to the Aspect guys for yet again giving back to the Web Security Community.

This is another example of several new tools, projects, and products I've seen recently (some under NDA) that are premised on the fact that you will be hacked. Instead of prevention, they are focused on detecting when you have been 0wn3d. I'm still not sure if this is the right approach, but most of these solutions are extremely cheap, have a low footprint, and do a fairly good job, as there is a lot of low-hanging fruit here.

