Open Source Passive Security Tool for Web Applications

Available for download

By Marius Oiaga, Technology News Editor

17th of April 2009, 15:21 GMT

Watcher version 1.1.0 is now available for download from Microsoft's repository of open-source projects. The Redmond company is not the author of Watcher, but it is recommending the tool via its online hotspot dedicated to the Security Development Lifecycle. Put together by Casaba Security, Watcher is designed to enhance the Fiddler proxy, a tool developed by Eric Lawrence, IE program manager. The plug-in from Casaba Security complements Lawrence's web debugging proxy by closely monitoring and analyzing HTTP traffic.

“Watcher is a plug-in for Eric Lawrence’s Fiddler proxy aimed at helping developers and testers find security issues in their web-apps fast and effortlessly. Because it works passively at runtime, you have to drive it by opening a browser and cruising through your web-app as an end user. For the developer, the tool can provide a quick sanity check, so you can find problems and hot-spots that warrant further attention. In the hands of a pen-tester it can assist in finding issues that lead to other attacks like XSS and CSRF,” revealed Chris Weber of Casaba Security.

Version 1.1.0 of Watcher brings to the table no fewer than 35 checks. According to Weber, the tool will bring to the surface security issues that, although evident, are often overlooked. It is capable of sniffing out a variety of vulnerabilities affecting areas such as cross-domain mashups, user-controlled HTML (potential XSS), open redirects, insecure handling of cookies, and Unicode.

“Setup is simple – install and run Fiddler, then launch the Watcher setup installer, or manually drop the Watcher DLL’s in Fiddler’s ‘scripts’ folder. Inside Fiddler, click Watcher’s “Security Auditor” tab and click ‘enable’. At this point the findings will start showing for any domain. To narrow things down, you’ll want to configure Watcher with the domain name you’re concerned about, and add any trusted domains you want to include,” Weber added.

Watcher version 1.1.0 is available for download here.

Fiddler is available for download here.
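
To make the idea of a passive check concrete, here is an added example (not Watcher's code and not from Casaba Security) that inspects already-recorded HTTP transactions for two of the issue categories named above, insecure cookie handling and open redirects, scoped to an origin domain plus trusted domains. The transaction format, function names and sample traffic are assumptions made for illustration.

```python
from urllib.parse import urlsplit, parse_qsl

def in_scope(host, origin, trusted=()):
    """True if host is the origin domain, a subdomain of it, or a trusted domain."""
    host = (host or "").lower()
    return any(host == d or host.endswith("." + d) for d in (origin, *trusted))

def passive_checks(transactions, origin, trusted=()):
    """Inspect recorded request/response pairs; never sends traffic itself."""
    findings = []
    for t in transactions:
        url = urlsplit(t["url"])
        if not in_scope(url.hostname, origin):
            continue  # only report on the domain under test
        for name, value in t["response_headers"]:
            lname = name.lower()
            if lname == "set-cookie":
                cookie = value.split("=", 1)[0].strip()
                attrs = {a.strip().split("=", 1)[0].lower() for a in value.split(";")[1:]}
                if url.scheme == "https" and "secure" not in attrs:
                    findings.append((t["url"], f"cookie '{cookie}' set over HTTPS without Secure"))
                if "httponly" not in attrs:
                    findings.append((t["url"], f"cookie '{cookie}' set without HttpOnly"))
            elif lname == "location" and 300 <= t["status"] < 400:
                target = urlsplit(value)
                # Redirect target copied verbatim from a query parameter = user-controlled.
                user_values = {v for _, v in parse_qsl(url.query)}
                if target.hostname and value in user_values \
                        and not in_scope(target.hostname, origin, trusted):
                    findings.append((t["url"], f"redirect to off-domain host "
                                     f"'{target.hostname}' taken from a request parameter"))
    return findings

# Constructed sample traffic (not captured from any real site).
SAMPLE = [
    {"url": "https://app.example.test/login", "status": 200,
     "response_headers": [("Set-Cookie", "sid=abc123; Path=/; HttpOnly"),
                          ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly")]},
    {"url": "https://app.example.test/go?next=https%3A%2F%2Fother.example.net%2F",
     "status": 302, "response_headers": [("Location", "https://other.example.net/")]},
    {"url": "https://app.example.test/go?next=https%3A%2F%2Fcdn.example.org%2Fa",
     "status": 302, "response_headers": [("Location", "https://cdn.example.org/a")]},
    {"url": "https://unrelated.example.com/", "status": 200,
     "response_headers": [("Set-Cookie", "x=1")]},
]

if __name__ == "__main__":
    for where, what in passive_checks(SAMPLE, "app.example.test", trusted=("cdn.example.org",)):
        print(where, "->", what)
```

Adding `cdn.example.org` as a trusted domain suppresses the finding for the third transaction, and the fourth is ignored because it is outside the configured origin.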

© Copyright 2001-2009 Softpedia