Create an Account
username: password:
  MemeStreams Logo

JavaScript bug hunting tool demonstrated


possibly noteworthy
Picture of possibly noteworthy
My Blog
My Profile
My Audience
My Sources
Send Me a Message

sponsored links

possibly noteworthy's topics
Health and Wellness
Home and Garden
Current Events
  War on Terrorism
Local Information
  International Relations
  Politics and Law
   Intellectual Property
  Military Technology
  High Tech Developments

support us

Get MemeStreams Stuff!

JavaScript bug hunting tool demonstrated
Topic: High Tech Developments 10:57 am EDT, Mar 25, 2007

A security researcher at ShmooCon on Saturday demonstrated, but did not release, a tool that turns the PCs of unknowing Web surfers into hacker help.

As expected, SPI Dynamics researcher Billy Hoffman demonstrated a Web application vulnerability scanner written in JavaScript. The tool, called Jikto, can make an unsuspecting Web user's PC silently crawl and audit public Web sites, and send the results to a third party, Hoffman said.

"The whole point was to show how scary cross-site scripting has become."

"Once one person has talked about the ability to do it, it doesn't take that long for somebody else to come up with it," said one ShmooCon attendee who asked to remain anonymous. "It will come out."

There are already 50k hits for a Google search on "Jitko". A few comments from around the web: Jeremiah Grossman, of Whitehat Security, and "Pascal". Anurag Agarwal offered a Reflection on Billy Hoffman, along with a photo:

This week on Reflection we have a very young guy from the webappsec field.

Billy’s knowledge on Ajax is tremendous ... his ability to think differently has helped him achieve so much in such a short time.

I got a chance to meet with him in the WASC meetup at RSA. He is a very lively character. Let me put it this way, if billy is a part of a conversation, you won’t get bored even if you just stand there and listen.

JavaScript bug hunting tool demonstrated

Powered By Industrial Memetics