News

August 24, 2010
2010: The year of leaks - Syhunt Founder Felipe Aragon writes about the massive leaks happening globally.

July 20, 2010
Syhunt releases Gelo -- a tool that can be used for creating web security audit tools/exploits - We are excited to announce the release of Gelo. Gelo is a tool that can be used for easily and quickly creating web security audit tools using the Lua language. Gelo/Lua will allow us to expand the functionality of our Sandcat security scanner more aggressively and others to create Gelo-powered security utilities that are independent of Sandcat. Visit here and learn about Gelo.

July 6, 2010
Syhunt researched 29 thousand web vulnerabilities since 2002 - This week, we reached a total of 29 thousand web vulnerabilities researched. The way things are going, we expect to reach 50K before 2014. Most of the researched vulnerabilities are related to PHP applications and insecure CGIs. It is for this reason that Sandcat today comes with 10K (10006) PHP security checks and thousands of other checks. We are also committed to keeping Sandcat for PHP up-to-date with the most advanced source code analysis technology. Stay tuned as we plan to unveil new versions of our tools and additional web application security tools throughout the year.

April 14, 2010
Sandcat 4.0 adds ultra fast scans and expanded browser emulation feature set - After months of intense work, Syhunt is proud to introduce Sandcat 4.0. The new version brings enhanced JavaScript support, ultra fast scans, UI performance and usability improvements, additional stability, a console version and more.

What's New in Sandcat 4.0
We hope you enjoy this new release! Many thanks to the people who beta tested the new version and the organizations who support our work.

March 8, 2010
U.S. Department of Defense chooses Syhunt for Web Application Security - Syhunt is pleased to announce that the U.S. Department of Defense (DoD) has chosen Sandcat to automate web application security testing. Felipe Aragon, CEO of Syhunt, says: "We are very proud to be selected by the DoD to provide the WAS solution they require. Sandcat is specifically designed to proactively defend networks against the massive, wide range of sophisticated cyberattacks taking place at the Web application level, a need that the DoD and all government entities and companies today share. We look forward to working with the DoD." Earlier, Syhunt announced its Sandcat web application security scanner had been selected by the U.S. National Oceanic and Atmospheric Administration (NOAA). Sandcat offers both remote security testing and source code analysis for web applications in one integrated tool -- an approach known as hybrid testing.

February 8, 2010
Sandcat Pro now performs gray box testing - This week we released Sandcat for PHP 2.0 and Sandcat 3.9.4. With this release you can finally use both products together. The integration means that the core UI functionality of Sandcat (extensions support, session reload, advanced report generation, etc.) is now available for Sandcat4PHP. It also means that now you can perform automated gray box testing. This refers to the ability to scan the application's source code first, acquire important information about it, and then try to remotely confirm flaws (XSS, File Inclusion, SQL Injection, Command Execution, etc.) by using this information. We are very happy to be the first web application security provider to offer this kind of next-generation functionality.
When performing a web application security assessment, you can now choose between three different approaches: black box (remote scan), white box (source code scan) or gray box (the combination of both approaches), all of them able to uncover a wide variety of web application security vulnerabilities.

January 1, 2010
Happy 2010! We expect to release a major upgrade of Sandcat (version 4.0) in the next couple of weeks. We still have intense work ahead before the new version is rolled out. Besides the introduction of some new ideas, the roadmap we presented to some of you during the last months remains intact. We will update you as soon as more info is available.

August 15, 2009
Sandcat 3.9 takes advantage of UTF8-Decode problems to evade filters - Sandcat 3.9.0.2 update, released today, takes advantage of UTF8-Decode problems to evade filters when performing injection checks. The new technique complements the set of filter evasion techniques implemented in previous Sandcat releases. UTF8-Decode risks were presented by experts Eduardo Vela and David Lindsay at BlackHat USA 2009 (see: Our Favorite XSS Filters/IDS and how to Attack Them). Sandcat 3.9.0.2 update also includes additional WAF and IDS evasion techniques, targeting mod_security and PHP-IDS, and improved support for HTML 5.

August 6, 2009
Sandcat 3.9 Preview Release available for download - We're happy to make available a preview release of Sandcat 3.9. The new version expands the browser emulation feature set by adding new HTTP and SSL/TLS options, Socks support and additional authentication options. The new version can also perform a web structure brute force scan without having to re-crawl the target host (in other words, it remembers the last web structure of scanned web sites). Sandcat 3.9 also comes with a tweaked user interface that can provide a better user experience.

June 10, 2009
Syhunt introduces Sandcat 3.8 - Today we finally released Sandcat 3.8.
The new version of Sandcat has improved JavaScript/AJAX support (JavaScript emulation complements the JS analysis feature available since version 3.0), multi-layer defense evasion capabilities, user interaction simulation capabilities, multi-thread sessions support and also includes a new, improved HTML parser, improved link detection, and faster and more robust report generation.

May 11, 2009
Sandcat Pro now supports concurrent scans - The first beta of the Sandcat Session Launcher tool, released today, adds concurrent scans support in Sandcat Pro. Multiple session threads and multiple host threads per session are supported. If you are a registered Sandcat Pro user, you're invited to beta test it! Details on how to download the new tool will be emailed to you today.

April 20, 2009
Welcome our new Customers - Thank you to all the kind people and organizations that joined our customer community within the last months. Special thanks to the UK government agencies and the growing list of universities that are adopting vulnerability assessment and secure coding practices and decided to use our software. We are currently working on new versions of both Sandcat and Sandcat for PHP to make them better than ever for you. Several new technologies are under development and will be released throughout 2009.

April 20, 2009
Sandcat 3.7 supports Windows 7 - We would like to announce that Sandcat 3.7 supports Windows 7 and will have a 64-bit version soon. We think Windows 7 is shaping up to be a very solid release, so we are happy to support this new platform.

January 14, 2009
PHP threats continue to rise but more work & education could help - Rising PHP security issues; The future of PHP development. Click here to read this article online, or download the PDF version.

January 8, 2009
Round Cube Webmail probes spreading rapidly - A recommended reading about this issue is available at: http://stateofsecurity.com/?p=550 Sandcat was updated today and the new version (3.7.1.1) already detects this issue.