News — trace

Codename RKN: The WebApp attack surface mapper.

Hello all, I would like to introduce to you the new addition to Ecsypno's product line: Codename RKN. Codename RKN is the first comprehensive WebApp attack surface mapper. It can help save countless hours from your daily duties by providing amazing insight into a web application's behavior and inner workings. It utilizes DAST and client-side IAST techniques to monitor everything about a black-box and presents its I/O characteristics in an approachable form. Codename RKN digs deep and will let you know how to prepare your penetration test approach for each web application based on how it processes its inputs and...


IAST/Contextual scanning for Ruby-on-Rails (and Rack in general)

Hello all,

Some time ago I announced the arrival of IAST scanning for Rack-based (such as Ruby-on-Rails, Sinatra, etc.) web applications. The feature is now here and I'd like to demo it for you. We have our application, in this case a Sinatra one, and it goes like:

As you can see, scnr/introspector has been required and made use of. Now we run a scan with no additional options or configuration:

    ./bin/scnr http://localhost:4567/
    [...]
    [+] Web Application Security Report - SCNR::Engine Framework
    [~] Report generated on: 2024-01-08 09:59:13 +0200

    [+] System settings:
    [~] ---------------
    [~] Version:           1.0dev
    [~] Seed:...
