cumulus v0.0.2 releases: web application weakness monitoring
What’s Cumulus
Cumulus is a service that helps you monitor and fix security weaknesses in real time. Issues are reported on a web dashboard. It’s very simple and powerful.
Key features
Install the SDK on your web front end to find security weaknesses in the service.
- The SDK detects weaknesses from the inner layer, dynamically (e.g. DOM events, XHR requests)
- The Scanner detects weaknesses from the outer layer, statically (e.g. crawling web resources and analyzing them)
Name | Origin | Description |
---|---|---|
XSS | SDK | Triggers XSS detection when the user inputs an XSS pattern string |
SQL injection | SDK | Triggers SQL injection detection when the user inputs a SQL injection pattern |
Sensitive Payload | SDK | When a request carries a sensitive payload, for example an unencoded raw password |
File Upload | SDK | When the user embeds a file that is a concern for the system, for example a web shell |
Unnecessary Comment | Scanner | Code comments are present in the served HTML or JS |
Directory Traversal | Scanner | Detects directory listing vulnerabilities |
Guessing | Scanner | Detects sensitive pages like admin |
Unobfuscated Code | Scanner | Detects unobfuscated vulnerable code |
Changelog v0.0.2
- [weakness] ✨ Add SQLInjection detection
- [weakness] ✨ Add File Upload Attack detection
- [core] 🥅 Catch many unexpected errors
- [core] 🔧 Apply linting and test code
- [core] ♻️ Refactor the whole codebase into modules
Install & Use
Copyright (c) 2021, TopHat
All rights reserved.