TMCnet News
BackTrack adds RandomStorm WordPress security scanner; free download alerts security experts to vulnerabilities created by plug-ins(M2 PressWIRE Via Acquire Media NewsEdge) Leeds, -- security management and compliance specialist, RandomStorm, has announced that WPScan the free WordPress security scanner that the company developed in July, has been added to the latest BackTrack programme. BackTrack is an open source operating system that provides security consultants with an array of digital forensics and penetration testing tools, used to assist them in finding and remedying security flaws in company networks, websites and applications. Tools are grouped into categories including: vulnerability assessment, stress testing, reverse engineering, forensics and reporting. RandomStorm WPScan checks blogs for plug-ins that could open up back doors into Websites, which could then be exploited by hackers to inject SQL code into Web pages or conduct a cross site scripting (XSS) attack. It was developed by RandomStorm penetration tester, Ryan Dewhurst, who also developed the Damn Vulnerable Web Application (DVWA), which teaches developers how to secure their Web applications. The WordPress Scanner software enables security professionals and WordPress administrators to check for plug-ins or vulnerabilities that could leave blogs and Websites open to hackers. "BackTrack is used by the majority of penetration testers the world over, so I'm delighted to see WPScan being added to the programme just a few weeks after we released it," said Dewhurst, "This will enable the security community to continue refining the scanner so that Web developers and blog administrators can gain an even more powerful tool to check for any unwanted plug-ins or vulnerabilities in their blogs." Andrew Mason, Technical Director at RandomStorm commented, "WPScan was initially developed as part of RandomStorm's service to help clients to identify vulnerabilities and improve the overall security of their businesses. BackTrack's inclusion of the scanner will make it available to a much broader audience and help people all over the world to improve their blog and Website security." RandomStorm provides vulnerability scanning and intrusion detection services to help companies to improve their security posture. The company is a CESG CHECK security consultancy and a Qualified Security Assessor for the Payment Card Industry Data Security Standard (PCI DSS). WPScan is a black box tool developed using the Ruby programming language and sponsored by the RandomStorm Open Source Initiative. It is available for free download from http://www.randomstorm.com/wpscan-security-tool.php References: BackTrack website: http://www.backtrack-linux.org/ BackTrack Wikipedia entry: http://en.wikipedia.org/wiki/BackTrack RandomStorm Website: WPScanner download link http://www.randomstorm.com/wpscan-security-tool.php Ryan Dewhurst blog on WordPress Scanner: http://www.ethicalhack3r.co.uk/ InfoSecurity Magazine, 22nd July 2011, "Free WordPress security scanning software released" http://www.infosecurity-magazine.com/view/19623/free-wordpress-security-scanning-software-released/ About RandomStorm RandomStorm is a UK-based software development company focused on providing enterprise-level, proactive security management tools. The company's core products include an online vulnerability scanning service, xStorm and a network security appliance which enables in-depth scanning of the entire corporate network topology. The core products are supported by a range of complementary monitoring, alerting and remediation services. www.randomstorm.com Josie Herbert, Phiness PR Mobile: +44 (0)7776 203307 Tel: +44 (0) 1252 400569 Twitter @ Phinessence www.phinesspr.co.uk Phiness PR Ltd. Registered Office: Westmead House, Westmead, Farnborough, Hampshire, GU14 7LP. Registered as a Limited Company in England No: 7040639. ((M2 Communications disclaims all liability for information provided within M2 PressWIRE. Data supplied by named party/parties. Further information on M2 PressWIRE can be obtained at http://www.presswire.net on the world wide web. Inquiries to [email protected])). (c) 2011 M2 COMMUNICATIONS |
