Help us make Indico better by taking this survey! Aidez-nous à améliorer Indico en répondant à ce sondage !

Oct 10 – 14, 2016
San Francisco Marriott Marquis
America/Los_Angeles timezone

Web technology detection - for asset inventory and vulnerability management

Oct 13, 2016, 3:30 PM
1h 15m
San Francisco Marriott Marquis

San Francisco Marriott Marquis

Poster Track 8: Security, Policy and Outreach Posters B / Break

Speaker

Sebastian Lopienski (CERN)

Description

In order to patch web servers and web application in a timely manner, we first need to know which software packages are used, and where. But, a typical web stack is composed of multiple layers, including the operating system, web server, application server, programming platform and libraries, database server, web framework, content management system etc. as well as client-side tools. Keeping track of all the technologies used, especially in a heterogeneous computing environment as found in research labs and academia, is particularly difficult. WAD, a tool developed at CERN based on a browser plugin called Wappalyzer, makes it possible to automate this task by detecting technologies behind a given URL. It allows for establishing and maintaining an inventory of web assets, and consequently greatly improves the coverage of any vulnerability management activities.

Primary Keyword (Mandatory) Security and policies
Secondary Keyword (Optional) Network systems and solutions

Primary author

Presentation materials