Hello all! I wanted to let you know that Codename SCNR v1.7.2 is out and includes several bug fixes and optimizations. More importantly, however, Introspector support has been added for .NET and Java; it now covers .NET, Java and Ruby web applications, with more to come. The instrumentation allows the capture of: server-side code execution; server-side data flow (not for Java, unfortunately); client-side code execution; and client-side data flow. This in turn allows for immense context to be attached to each identified vulnerability, thus making narrowing down bugs easier than ever. In addition, with AI and this much...
Hello all, Codename SCNR v1.5 and Codename RKN 1.4 have just been released, both now with support for incremental scans. This means that a scan session is maintained and the following workflow is now possible: run the initial/seed scan; store its session in a file; run a re-scan, auditing only newly introduced input vectors, i.e. continuing a previous session; store its session in a file; and so on and so forth. This has the massive advantage of re-scans being immensely quick, as they will only concern themselves with newly introduced input vectors, rather than being full dumb scans again and again....
Hello all, I would like to introduce to you the new addition to the Codename SCNR suite of products, the "Community" edition. Community is a free edition, aimed towards individual penetration testers without many requirements, just running a CLI scan and going over the results in place -- no reporting. In essence, free and high-quality WebAppSec scanning for all! Hooray! :) In your place, I'd spring a few bucks and buy the Basic edition for the extra reporting features, but to each their own; plus, Community is a great way to evaluate the engine behind Codename SCNR and make an...
Hello all, I am very pleased to announce the commercial release of Ecsypno's DAST/IAST offering: Codename SCNR is a highly evolved web application security scanner, utilizing DAST, as well as IAST, techniques -- DAST to analyze server-side behavior from a black-box perspective and DAST & IAST for client-side JavaScript environment analysis. In addition, server-side IAST capabilities exist for Ruby web applications, but those are going to be rolled out later on. Editions Codename SCNR comes in 3 editions: Basic -- CLI utilities to manage the scanner engine. + Ruby API for scripting. Pro -- Basic features + a...