Hello all, Codename SCNR v1.5 and Codename RKN 1.4 have just been released, both now with support for incremental scans. This means that a scan session is maintained and the following workflow is now possible: Run initial/seed scan. Store its session in a file. Run a re-scan, auditing only newly introduced input vectors, i.e. continuing a previous session. Store its session in a file. And so on and so forth. This has the massive advantage of re-scans being immensely quick, as they will only concern themselves with newly introduced input vectors, rather than being full dumb scans again and again....
Hello all, I would like to introduce to you the new addition to the Codename SCNR suite of products, the "Community" edition. Community is a free edition, aimed towards individual penetration testers without many requirements, just running a CLI scan and going over the results in place -- no reporting. In essence, free and high-quality WebAppSec scanning for all! Hooray! :) In your place, I'd spring a few bucks and buy the Basic edition for the extra reporting features, but to each their own, plus, Community is a great way to evaluate the engine behind Codename SCNR and make an...
Hello all, I am very pleased to announce the commercial release of Ecsypno's DAST/IAST offering: Codename SCNR is a highly evolved web application security scanner, utilizing DAST, as well as IAST, techniques -- DAST to analyze server-side behavior from a black-box perspective and DAST & IAST for client-side JavaScript environment analysis. In addition, server-side IAST capabilities exist for Ruby web applications, but those are going to be rolled out later on. Editions Codename SCNR comes in 3 editions: Basic -- CLI utilities to manage the scanner engine. + Ruby API for scripting. Pro -- Basic features + a...
Hello all, Some time ago I announced the arrival of IAST scanning for Rack-based (such as Ruby-on-Rails, Sinatra, etc.) web applications. The feature is now here and I'd like to demo it for you. We have our application, in this case a Sinatra one, and it goes like: As you can see, scnr/introspector has been required and made use of. Now we run a scan with no additional options or configuration: ./bin/scnr http://localhost:4567/ [...] [+] Web Application Security Report - SCNR::Engine Framework [~] Report generated on: 2024-01-08 09:59:13 +0200 [+] System settings: [~] --------------- [~] Version: 1.0dev [~] Seed:...