View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Software
July 28, 2010

Qualys releases open source web application fingerprinting

Helps administrators identify everything running on their servers

By CBR Staff Writer

Qualys, a provider of IT security risk and compliance management offerings, has released open source web application fingerprinting engine BlindElephant, which identifies application and plugin versions via static files.

The company said that its new tool helps security professionals and systems administrators identify everything running on their servers, including any web applications users may have downloaded. It utilises a new approach that relies on hashes of static resource files within the application to infer a version number.

For each application that the tool will support, BlindElephant consumes a number of version directories. All files and directories are processed, and a hash is computed for each file. This hash is stored in a temporary table, along with the path and version of the application it came from.

Qualys said that its BlindElephant was designed for: minimal human effort to support new versions/apps; resistance to hardening; accuracy to reduce false positives and false negative rates; and generic to reuse the same code for all supported applications.

Wolfgang Kandek, CTO of Qualys, said: "We are releasing the BlindElephant tool as an open source project in order to allow users to protect themselves and monitor their web applications. It is also an initial stepping stone to work with the community to increase the number of fingerprinted web applications."

Content from our partners
Unlocking growth through hybrid cloud: 5 key takeaways
How businesses can safeguard themselves on the cyber frontline
How hackers’ tactics are evolving in an increasingly complex landscape

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how New Statesman Media Group may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.