The founder of a project that aims to offer a global web application vulnerability scanner has defended the potentially controversial technology. The tech is a useful tool to check the security of websites you use for shopping, or to which you've submitted your personal data, but it could equally be a tool for budding VXers - …
Obscurity is cheap
The problem - as companies see it - with highlighting their vulnerabilities so that their developers can remedy those vulnerabilities is that they have to pay developers.
I approve of PunkSPIDER but I fully expect to see it banned and the creator arrested and/or otherwise forcibly silenced. Money rules the world and that money doesn't like things that sway its risk/costs assessments.
Re: They have to pay developers
Paying developers to do work?
Let's hope this catches on!
Not scanned much have they?
Enter URL, <NOT FOUND>.
I can see this being very useful though. And many tools can be used for good and evil; there is no stopping that. An axe is meant to chop wood, but you can quite easily harm people with it.
So is this like Qualys web vulnerability scan?
Unfortunately, I suspect that an honest-to-god "vuln scan" might well make the scanned site unresponsive or worse and get the author into hot water. So these will be avoided...
That's WordPress and countless plugins fucked then.