Difference between revisions of "Category:OWASP Joomla Vulnerability Scanner Project - Roadmap"

From OWASP
Jump to: navigation, search
(Long Term)
 
(9 intermediate revisions by one user not shown)
Line 1: Line 1:
 
== About OWASP Joomla Vulnerability Scanner ==
 
== About OWASP Joomla Vulnerability Scanner ==
  
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few.So, watching its vulnerabilities and adding such vulnerabilities as KB to Joomla scanner takes ongoing activity.  
+
Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB of Joomla! scanner takes ongoing activity.  
  
It will help web developers and web masters to help identify possible security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.  
+
It will help web developers and pentesters to help identify published known security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.  
  
 
To my experience, security testing on Joomla! web application requires pentester to look back the published vulnerabilities and if free, move on to generic testing. If we do only generic testing, we might miss a lot because it needs the knowledge of Joomla! application - its vulnerabilities in what version, what components are vulnerable in what version, what common security mistakes that web masters make ...etc.
 
To my experience, security testing on Joomla! web application requires pentester to look back the published vulnerabilities and if free, move on to generic testing. If we do only generic testing, we might miss a lot because it needs the knowledge of Joomla! application - its vulnerabilities in what version, what components are vulnerable in what version, what common security mistakes that web masters make ...etc.
Line 9: Line 9:
 
== OWASP Joomla Vulnerability Scanner RoadMap ==
 
== OWASP Joomla Vulnerability Scanner RoadMap ==
  
== Current Features ==
+
== Short Term ==
  
The following features are currently available.
+
* Write to files of "Request-Response" of found vulnerable things for quick reviews
* Searching known vulnerabilities of Joomla! & its components
+
* Add MD5 cracker for found md5 hashes
* Reporting to Text & HTML output
+
* Add custom localized program message output
* Immediate update capability via scanner or svn
+
* Add administrator bruteforce module
  
== Future Features ==
+
== Long Term ==
  
The following is a list of changes that are tentatively scheduled for the OWASP Joomla Vulnerability Scanner Project release:
+
* Continuously watching published vulnerabilities of Joomla! and its components  and adding them to vulnerability database of the scanner
:# Write to files of "Request-Response" for found vulnerable things
+
* GUI for the ease of use and faster productivity
:# Add MD5 cracker for found md5 hashes
+
* Fixing bugs, adding features requested by users
 +
* Eventually available as a part of OWASP CMS scanner(coming not very Soon)
  
== Changes Under Consideration ==
+
[[Category:OWASP_Joomla_Vulnerability_Scanner_Project]]
 
+
*Implement features suggested by users
+

Latest revision as of 15:01, 18 June 2009

Contents

About OWASP Joomla Vulnerability Scanner

Joomla! is probably the most widely-used CMS out there due to its flexibility, user-friendlinesss, extensibility to name a few. So, watching its vulnerabilities and adding such vulnerabilities as KB of Joomla! scanner takes ongoing activity.

It will help web developers and pentesters to help identify published known security weaknesses on their deployed Joomla! sites. No web security scanner is dedicated only one CMS.

To my experience, security testing on Joomla! web application requires pentester to look back the published vulnerabilities and if free, move on to generic testing. If we do only generic testing, we might miss a lot because it needs the knowledge of Joomla! application - its vulnerabilities in what version, what components are vulnerable in what version, what common security mistakes that web masters make ...etc.

OWASP Joomla Vulnerability Scanner RoadMap

Short Term

  • Write to files of "Request-Response" of found vulnerable things for quick reviews
  • Add MD5 cracker for found md5 hashes
  • Add custom localized program message output
  • Add administrator bruteforce module

Long Term

  • Continuously watching published vulnerabilities of Joomla! and its components and adding them to vulnerability database of the scanner
  • GUI for the ease of use and faster productivity
  • Fixing bugs, adding features requested by users
  • Eventually available as a part of OWASP CMS scanner(coming not very Soon)

This category currently contains no pages or media.