Month: July 2018

Comparison of Application Security Testing Approaches

Overview

The following table lists a side-by-side comparison of different application security testing approaches. Additional rating details are available when hovering over each column. In the following, each approach is introduced.
Table columns (category, approach and technique):

  Automated Security Testing
    Static Application Security Testing (SAST) / Static Code Analysis
      Taint Analysis
        Language Specific (RIPS)
        Language Generic
      Pattern Matching
    Dynamic Application Security Testing (DAST) / Blackbox Tools
  Manual Security Testing
    Whitebox / Code Audit
    Blackbox / Pentest

Table rows (rating criteria):

  Code Coverage
  Early Bug Detection
  Detect Complex Issues
  Detect Logical Flaws
  Result Accuracy
  Remediation Details
  Initial Costs
  Setup Costs
  Verification Costs
  Remediation Costs

TikiWiki 17.1 SQLi: Scan, Verify and Patch in Minutes

Scanning

TikiWiki comes with many built-in features. A manual audit of such a huge code base for security issues would require a tremendous amount of time and expertise. The automated security analysis of TikiWiki’s 1.7 million lines of code with RIPS took roughly 14 minutes. Once the scan finished, a vulnerability of type SQL Injection was reported in the user interface.
By selecting the SQL injection category in the RIPS UI, we can see a summary of the affected code lines (top), an issue description (right), and the original code as reference (bottom).
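To make the table's distinction between pattern matching and taint analysis concrete, here is an added toy example written for this page (it is neither RIPS code nor TikiWiki code): a grep-style rule and a small intraprocedural taint tracker run over a constructed PHP-style snippet. The source, sanitizer and sink lists and the snippet are assumptions; the point is that the taint tracker reports only the query that user input actually reaches unsanitized, which is the kind of data-flow finding the TikiWiki scan reports.

```python
import re
# Constructed PHP-style input for the toy analyzer (not TikiWiki code).
SAMPLE = """\
$id = $_GET['id'];
$safe = intval($id);
$q1 = "SELECT * FROM users WHERE id = " . $safe;
mysqli_query($db, $q1);
$name = $_POST['name'];
$q2 = "SELECT * FROM users WHERE name = '" . $name . "'";
mysqli_query($db, $q2);
"""

# Assumed, deliberately small source / sanitizer / sink lists.
SOURCES = ("$_GET", "$_POST", "$_REQUEST", "$_COOKIE")
SANITIZERS = ("intval(", "mysqli_real_escape_string(")
SINK = re.compile(r"^(mysqli_query|mysql_query)\((.*)\);$")
ASSIGN = re.compile(r"^\$(\w+)\s*=\s*(.*);$")
VAR = re.compile(r"\$(\w+)")

def pattern_matching(code):
    """grep-style rule: flag every query call whose argument list holds a variable."""
    hits = []
    for n, line in enumerate(code.splitlines(), 1):
        m = SINK.match(line.strip())
        if m and "$" in m.group(2):
            hits.append(n)
    return hits

def is_tainted(expr, tainted):
    """True if the expression carries user input; a sanitizer call cuts the flow."""
    if expr.startswith(SANITIZERS):
        return False
    if any(src in expr for src in SOURCES):
        return True
    return any(v in tainted for v in VAR.findall(expr))

def taint_analysis(code):
    """Follow taint from sources through assignments and concatenation to sinks."""
    tainted, hits = set(), []
    for n, line in enumerate(map(str.strip, code.splitlines()), 1):
        if m := ASSIGN.match(line):
            name, expr = m.groups()
            if is_tainted(expr, tainted):
                tainted.add(name)
            else:
                tainted.discard(name)  # clean reassignment clears taint
        elif (m := SINK.match(line)) and is_tainted(m.group(2), tainted):
            hits.append(n)  # user input reaches the query unsanitized
    return hits
```

On the constructed snippet the grep-style rule flags both query calls (lines 4 and 7), while the taint tracker flags only line 7, where `$_POST['name']` reaches the query without a sanitizer in between.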
Search Full-Text within 4M+ Books

Open Library now lets you search inside the text contents of over 4M books!

A Full-Text Search for “thanks for all the fish” on openlibrary.org

What’s Full-Text Search?

Many book websites, like Amazon and Goodreads, give you the ability to search for books by title and author, but they don’t make it easy to find books based on their contents. This type of searching is called “Full-Text Search”.

Try searching for “brewster kahle alexa internet” on Goodreads or Amazon:

A search for “brewster kahle alexa internet” on goodreads

A search for “brewster kahle alexa internet” on amazon books

Have you ever heard a quote and wished you could figure out which book it came from? Open Library full-text search gives readers the ability to locate books which reference any snippet of text like, “Let every thing have its place”:

A full-text search on openlibrary.org of “let every thing have its place”

Full-Text Search on Archive.org

I’ve been surprised to learn how many people didn’t know that Archive.org has had full-text search for several years — and it’s really powerful! In 2016, Giovanni Damiola (@giovannidamiola) led a major overhaul of Internet Archive’s full-text search system and unlocked the ability for users to perform full-text searches across almost 40M unique text documents — from patents, to yearbooks, to open-access research papers.

How to activate Full-Text Search mode on Archive.org

Full-Text Search of the quote “let every thing have its place” on Archive.org

Open Library Full-Text Search

When you search across 40M documents, it can be a challenge to find the one you’re looking for. One feature which Open Library has been missing is a way to limit Internet Archive’s full-text search to only include results from books on Open Library. So for the last two years, Open Library has patiently waited to take full advantage of full-text search for its users.

Earlier this week, Gio released an improvement to our full-text search engine which lets us get around this historical limitation — and so we jumped on this opportunity to improve our search on openlibrary.org! With the help of Razzi Abuissa, Open Library volunteer, and Mek, Open Library’s project lead, you can now search inside more than 4M Open Library books.

Try a Full-Text Search

Thanks for all the fish! …Wait, what book was that from again?