Appsec Knowledge Base

SHELLSHOCK VULNERABILITY TEST

Protect your applications with a Shellshock vulnerability test.

While Shellshock continues to be a critical application-layer vulnerability in the UNIX/Linux program Bash, a simple Shellshock vulnerability test can help to protect legacy web applications from this dangerous threat.

The Shellshock bug was first discovered in September 2014. Like other code injection attacks, Shellshock is easy to execute but can severely damage organizations, making it one of the most dangerous vulnerabilities for web applications. Cyber criminals can use Shellshock to access databases, expose sensitive files, or install malware that turns systems into part of a DDoS botnet.

Public-facing web applications are the most vulnerable to a Shellshock attack because attackers have constant access to them. Legacy web applications are the easiest to breach.

While a simple Shellshock vulnerability test can identify the weaknesses that enable an attack, employing a traditional app vulnerability scanner on thousands or tens of thousands of web applications is time-consuming and expensive. That’s where Veracode can help.

A Shellshock vulnerability test from Veracode.

Veracode provides industry-leading application security solutions, products and services that help to protect the mission-critical software that businesses rely on.

Offering a suite of SaaS-based testing technologies, Veracode reduces the cost and complexity of vulnerability scanning and of performing a Shellshock vulnerability test. IT teams no longer need to implement, maintain or upgrade website vulnerability scanner solutions on premises, and developers no longer need to learn a new tool in order to test their code. Veracode technologies automatically scan websites and web applications in pre-production and production environments, while simplifying third-party risk management with tools to scan commercial, open-source and third-party software.

In addition to Shellshock, Veracode’s application security solutions protect organizations from a wide variety of threats and vulnerabilities, including the CWE/SANS Top 25 and the OWASP Top 10.

How Veracode’s Shellshock vulnerability test works.

Veracode’s Web Application Scanning (WAS) solution includes technology for a Shellshock vulnerability test. This cloud-based service is built on a massively parallel, auto-scaling cloud infrastructure, enabling it to scan thousands of websites in parallel.

To perform a Shellshock vulnerability test, WAS first searches for and discovers all of an organization’s known and unknown web applications, including temporary sites, sites acquired via M&A, and sites that IT may have lost track of over the years.

WAS then uses dynamic analysis and automated crawling to examine the pages of every site. By performing a Shellshock vulnerability test on every page of every website, this automated solution goes much further than traditional vulnerability scanning technology, which injects the signature into only a few well-known directories.

Learn more about a Shellshock vulnerability test from Veracode, and about Veracode solutions for gray box testing.

 

 
