Published on September 30th, 2016 | by MaxiSoler

Dawnscanner v1.6.5 – Ruby Code Auditing Tool

Dawnscanner is a source code scanner designed to review your Ruby code for security issues. It can scan plain Ruby scripts (e.g. command line applications), but all its features are unleashed when dealing with web application source code.

It supports the major MVC (Model View Controller) frameworks out of the box:

  • Ruby on Rails
  • Sinatra
  • Padrino

Dawnscanner is built with security in mind to provide you with:

  • A solid vulnerability knowledge base: version 1.5.0 contains 209 security checks, and security mailing lists and websites are continuously polled to include new checks.
  • An easy-to-use tool: dawnscanner provides reports in both text and HTML format, has JSON output that can be consumed by a script, and provides rake tests to be included in your development workflow.
  • Vulnerability mitigation: dawnscanner has mitigation suggestions in its knowledge base. You won’t be alone dealing with security bugs.

Changelog v1.6.5 – codename: Tow Mater (2016-09-30)

  • Issue #212 – CVE-2014-2538 is marked as being vulnerable to rack-ssl 1.3.4. The check was triggered for rack-ssl versions < 1.4.0. However, 1.3.4 is marked as safe, so the check has to be changed as well.
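The false positive behind Issue #212, as an added example that is not dawnscanner's own code: a check that uses only the `< 1.4.0` range flags rack-ssl 1.3.4, while the same range with 1.3.4 listed as safe does not. `VersionCheck`, `locked_version`, `flagged?` and `sample_lock` are hypothetical names, and the lockfile text and version 1.3.3 are constructed sample input.

```ruby
require "rubygems" # Gem::Version and Gem::Requirement ship with Ruby

# Hypothetical helper (not dawnscanner's API): a version is flagged when it
# falls in the vulnerable range and is not a release known to be safe.
class VersionCheck
  def initialize(vulnerable:, safe: [])
    @vulnerable = Gem::Requirement.new(vulnerable)
    @safe = safe.map { |v| Gem::Version.new(v) }
  end

  def vulnerable?(version)
    v = Gem::Version.new(version)
    @vulnerable.satisfied_by?(v) && !@safe.include?(v)
  end
end

# Behaviour described in the changelog: everything below 1.4.0 is flagged.
RANGE_ONLY = VersionCheck.new(vulnerable: "< 1.4.0")
# Corrected form: same range, with 1.3.4 marked as safe.
WITH_SAFE = VersionCheck.new(vulnerable: "< 1.4.0", safe: ["1.3.4"])

# Read the locked version of one gem from Gemfile.lock text. Resolved specs
# are indented four spaces; their dependencies (six spaces) are ignored.
def locked_version(lock_text, gem_name)
  m = lock_text.match(/^ {4}#{Regexp.escape(gem_name)} \(([^)]+)\)$/)
  m && m[1]
end

def flagged?(lock_text, gem_name, check)
  version = locked_version(lock_text, gem_name)
  !version.nil? && check.vulnerable?(version)
end

# Constructed Gemfile.lock fragment for the given rack-ssl version.
def sample_lock(version)
  <<~LOCK
    GEM
      remote: https://rubygems.org/
      specs:
        rack (1.5.2)
        rack-ssl (#{version})
          rack
  LOCK
end

%w[1.3.3 1.3.4 1.4.0].each do |v|
  lock = sample_lock(v)
  puts "rack-ssl #{v}: range-only=#{flagged?(lock, 'rack-ssl', RANGE_ONLY)} " \
       "with-safe=#{flagged?(lock, 'rack-ssl', WITH_SAFE)}"
end
```
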

Changelog v1.6.4 – codename: Tow Mater (2016-09-27)

  • Issue #199 – CVE-2015-4020 seems to give the wrong Solution
  • Issue #168 – Dawn fails for many CVEs that rails 3.2.22 is not vulnerable to

Changelog v1.6.3 – codename: Tow Mater (2016-09-06)

  • Issue #107 – Applying pull request from @MKgridSec about CVE-2013-0334 check
  • Issue #196 – Applying pull request from @MKgridSec about CVE-2016-0751 incorrectly flagged
  • Issue #197 – Applying pull request from @MKgridSec about CVE-2016-2098 incorrectly flagged

More Information: here

Thanks to Paolo Perego, for sharing this tool with us.
