"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems; it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as operational configuration issues. Watcher provides pen-testers hot-spot detection for vulnerabilities, developers quick sanity checks, and auditors PCI compliance auditing. It looks for issues related to mashups, user-controlled payloads (potential XSS), cookies, comments, HTTP headers, SSL, Flash, Silverlight, referrer leaks, information disclosure, Unicode, and more."

This is the official change log:
  • Exporting results now includes all results rather than just those selected.
  • XML report now includes metadata about Watcher version and configuration.
  • Check for 'Charset not UTF-8' improvements.
Download Watcher version 1.4.1 (WatcherSetup.exe) here.