Landing Blogsecurify

Thu, 26 Jun 2008 08:45:30 GMT
by pdp

During the last couple of days, we combined forces with Blogsecurity.NET in an effort to improve their online WordPress vulnerability scanner. The result of these efforts is our new initiative called Blogsecurify.

Blogsecurify was created to help individuals and organizations secure their social media infrastructure by running a set of security checks. The project is still in alpha stage, although I am quite happy with the actual security testing framework, which I believe is the only one of its kind. The same framework will be used for several other projects, but I will talk about them when their time comes.

Archived Comments

psy.echo
Nice work PDP. I checked my blog :) It says .. perfect ... thus adding another check mark to security! Cheers.
takuan
I thought it was interesting to run the scanner against "www.gnucitizen.org/blog/" and it returned...
This blog is running a vulnerable version of WordPress, please upgrade to the latest version available here.
pdp
takuan, thanks for the info, although I know and you know that this information is totally fabricated. :) thanks anyway!
Alex
For which vulnerabilities will Blogsecurify check those blogs out there? Will it create new entries via SQLi, etc. and does it only check blogs running WP for the moment? I didn't find any info about it.
pdp
Alex, the test is non-exploitative so it should not create any bogus entries within your database.
aungkhant
At first glance, I think this checks against public exploits such as in OSVDB/Milw0rm. Great. As for me I just wanna write a perl script that greps "Generator" meta tag like Word 2.0.3 and greps latest version info. If out-dated, extract wordpress vulnerabilities in wordpress version < latest and show them to user and warn her to upgrade.
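
The generator-tag version check described in the last comment, sketched as an added example; it is not part of the original comments and is not Blogsecurify's code. It uses Python rather than Perl, the sample pages and the `LATEST` value are constructed, the helper names are hypothetical, and the vulnerability lookup step is left out.

```python
import re
from html.parser import HTMLParser

class _GeneratorFinder(HTMLParser):
    """Collects the content of every <meta name="generator"> tag."""
    def __init__(self):
        super().__init__()
        self.values = []

    def handle_starttag(self, tag, attrs):
        if tag != "meta":
            return
        a = {k: (v or "") for k, v in attrs}  # attribute names arrive lowercased
        if a.get("name", "").strip().lower() == "generator":
            self.values.append(a.get("content", ""))

def wordpress_version(html):
    """Return the advertised WordPress version as a tuple of ints, or None."""
    finder = _GeneratorFinder()
    finder.feed(html)
    for value in finder.values:
        m = re.search(r"wordpress\s+(\d+(?:\.\d+){0,3})", value, re.I)
        if m:
            return tuple(int(p) for p in m.group(1).split("."))
    return None

def _pad(v, n):
    # Pad with zeros so that 2.5 and 2.5.0 compare as equal.
    return v + (0,) * (n - len(v))

def check(html, latest):
    """Classify a page as 'outdated', 'current' or 'unknown'."""
    found = wordpress_version(html)
    if found is None:
        return "unknown"  # tag removed or not WordPress: no conclusion
    n = max(len(found), len(latest))
    return "outdated" if _pad(found, n) < _pad(latest, n) else "current"

# Constructed sample pages and a constructed "latest" version (assumptions).
LATEST = (2, 5, 1)
OLD = '<html><head><meta name="generator" content="WordPress 2.0.3" /></head></html>'
NEW = "<head><META NAME='Generator' CONTENT='WordPress 2.5.1'></head>"
NONE = "<head><title>no generator tag</title></head>"

if __name__ == "__main__":
    for page in (OLD, NEW, NONE):
        print(wordpress_version(page), check(page, LATEST))
```

The generator tag is self-reported and can be removed or edited by the site owner, so a result of "current" or "unknown" is not evidence of a patched install.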