
Positive Technologies invites Habr users to take part in the final stage of public testing of PT BlackBox Scanner, a free online service for finding vulnerabilities in web applications.
What it is
The PT BlackBox Scanner (BBS) service is designed for anyone interested in protecting web applications, from ordinary site owners to companies and experts who test the security of their clients' sites.
The tool is easy to use: it takes only a couple of clicks to get a detailed report on the vulnerabilities found and recommendations for correcting them. The service is available even for sites located on the local network.
To prevent anonymous misuse of the service, PT BlackBox Scanner requires proof of ownership of the site: the user uploads a special HTML file to the site's root directory. The other way to work with PT BlackBox Scanner is through a special agent program that you download: it runs on the user's computer and tunnels all scan requests through that computer to the scanned site.
The first stage of public testing of the service started in spring 2017. Since then we have collected feedback, and as a result the product has received many improvements. Here are the most important ones:
- scan speed increased by up to 10 times,
- maximally safe scanning that does not harm the site,
- the ability to scan sites protected by authentication (HTTP and form-based),
- accurate detection of vulnerabilities in popular CMSs (WordPress, Drupal and Joomla) and their plugins using black-box and white-box methods,
- detection of not only vulnerabilities but also non-security errors.
These improvements to PT BlackBox Scanner were made possible by the active work of the beta testers, and we hope to keep working together to make the product even better and more useful.
How to participate in testing
The second stage of public testing is now under way. Taking part is easy: follow the link bbs.ptsecurity.com/ru, use BBS to scan websites, and then describe your impressions. Feedback can be in any format, from an email with comments to a review on your blog. Send your comments to feedback.bbs@ptsecurity.com or fill out a special questionnaire.
We will give our branded backpacks or inflatable loungers to the authors of the most useful feedback and public reviews.