Thursday, 22 March 2007
The tool will be released later this week during the annual East Coast hacker convention ShmooCon in Washington, D.C. Jikto is a web application vulnerability scanner which, according to Mr. Hoffman, can be embedded into an attacker’s website or injected into trusted sites through cross-site scripting flaws. It can silently probe and audit any kind of website and then send the results to the attacker who set up the tool.
Jikto and similar tools could be used to detect holes in digital systems, thereby facilitating cyber-criminals’ activity. The main difference between Jikto and previous tools is that it runs from a web browser and distributes the bug-hunting task across multiple PCs, whereas the others were basically traditional PC applications.
Moreover, Hoffman said that “Jikto can hunt for various common security holes and can connect back to its controller for instructions on which websites to hit and what flaws to look for”. For example, it could be programmed to scan major banking websites for SQL injection vulnerabilities. Such vulnerabilities could be serious and open databases to attack.
Original News #1: http://www.zone-h.org/content/view/14660/31/
Original News #2: http://news.com.com/2102-1002_3-6169034.html
Original News #3: http://searchsecurity.techtarget.com/originalContent/0,289142,sid14_gci1248127,00.html