This is an archive post from the Netsparker (now Invicti) blog. Please note that the content may not reflect current product names and features in the Invicti offering.
Are you using SSL on your web applications and websites? Scan them with the new version of Netsparker Web Application Security Scanner to find out whether they are vulnerable to Heartbleed, the latest critical SSL vulnerability. Top sites such as Yahoo! and Flickr are vulnerable to the Heartbleed bug.
The Heartbleed bug is a serious vulnerability in the popular OpenSSL library, which is used to provide SSL functionality on web servers. The vulnerability allows malicious hackers to steal private information. Once it is exploited, the attacker can access sections of the web server's memory where sensitive data such as users' passwords are stored. This also means that the attacker can retrieve the web server's private key and can therefore decrypt any encrypted information sent to the websites and web applications running on that web server.
One of the easiest exploits is hijacking sessions by accessing cookies and requests from the web server's memory. Since the Heartbleed vulnerability is in the OpenSSL library, Microsoft's IIS (Internet Information Services) web server, which does not use OpenSSL, is not affected by the issue.
Identify Heartbleed Vulnerability in Your Web Applications
Netsparker can automatically identify the Heartbleed SSL vulnerability in your web applications. Netsparker does not simply check the version of the OpenSSL library you are running; it sends the necessary requests to perform a full-scale Heartbleed vulnerability check.
If you are already using Netsparker, the scanner will automatically check for updates when it starts up and alert you to download the latest update. Alternatively, launch the product and click Check for Updates from the Help drop-down menu.
If you are not using Netsparker, we recommend downloading the Netsparker Trial Edition to see for yourself how, within a minute or two, you can launch automated web vulnerability scans against your websites and web applications and identify vulnerabilities that might leave you and your business exposed to malicious hacker attacks.
For more detailed information about the Heartbleed SSL vulnerability, refer to the Heartbleed article on Wikipedia.