A Free WebApp Scan From China: Mighty Swell of Them
By Daniel Miessler on January 17th, 2010: Tagged as Information Security | Web Application Security
From this article by Todd Densmore at the HP AppSec blog:
We have known for a long time that China is engaged in actively sponsoring espionage. However, the focused targeting of private business is a newer, more sophisticated and lucrative threat. These spear fishing attacks are intensely researched and aimed at top level executives, and will become more common as time passes.
In a directly related point, consider the curious appearance of a new website called iiScan. This service (based in China) offers to scan your web application for vulnerabilities – for FREE. Just sign up and point their software to your website, and they will, ‘figure out’ how vulnerable to an attack you might be. After the scan is done, they will email you a PDF based report to your email account.