Cumulus – Web Application Weakness Monitoring, It Would Be Working By Add Just 3 Codelines

AVvXsEiB3Ua1ekVkgbUcGdmlO9uxDrvg7MbezEVGZiK2NtUUUXlT3bwCROhxK7E WDQo7M7Prqgyo40k9NgSmiQZNBoECBe 5ggsrL4PYcN79WsTIhJPYMYDVpiR19bxK8FNmAdLuusr L yErJvw7XeEi4u TT1sRz yXwAHkZWqYb4AyQ4rNBKpuILQVlXQ=w640 h160

Cumulus is a service that helps you monitor and fix security weakness in realtime. The issues will be reported on web dashboard. It’s very simple and powerful.

AVvXsEgBxMl1d4soZ6kNreqa9QbaoPC WSnb48nC12tyCR9zVE4CiiNsrtyq IySeE7Ac16QDcoAreRPqpOHKUbW8fPJmN88Xv qE Gk0FTnsvUAAxv31kGQM7KRxYrPYqnKqGEgShrTQRead2cv zPLOtK9Fra1PvihALO6aQEtymSSdHhhMcWj0vwKodfOg=w640 h346

AVvXsEg9a7cUxancgqyoztEd9QDrLW8OdlcrS1GTNzH0aulR9BpDNT8v9ay4mF sDCfX5ofk1it fTX AV7tL3JHP jPBs0hUyaguuyatw0ztstUjwWr8d9ms3blvPZMS7Ua7AFlC UY6NhWGnO2TMd0GOpmmA jum6U7 oRpg Xm8QRfywDNBUDBhJVlcHlpQ=w640 h266

AVvXsEjywHth1c3tvIevjK4Xu5iVj5LYiFQZTE6oTt7nT60RA2VvijFJwKoPfQ7u8I7nyKs8eCoGPdR7Xr99yUj zXR MgJ1dosMIZLkuXeZzU9ZBkrmZAXijTQhob38A1itKTPXeWWHHPxcKWA stxPq8gcYOClkCp8nSmWgrjIor q6uUaTUaMh1XGJ45O5A=w640 h368

Key features

Just install SDK to web front, can be found security weakness on service

  • SDK detect weakness from Inner Layer, dinamically (ex_ DOM Event, XHR Request)
  • Scanner detect weakness from Out Layer, statically (ex_ Crawl of web resources and analysis that)
NameOriginDescription
XSSSDKWhen user input a xss pattern string, trigger detection of XSS
SQLInjectionSDKWhen user input a sqlinjection pattern, trigger detection of SQLInjection
Sensitive PayloadSDKWhen requesting with sensitive payload. for example, unencoded raw password
File UploadSDKWhen user embed any file worried for system. for example, web shell
Unnecessary CommentScannerCode comments are on the served HTML or JS
Directory TraversalScannerDetect directory listing vulnerability
GuessingScannerDetect sensitive page like admin
Unobfuscated CodeScannerDetect unobfuscated vulnerable codes

If you think about able to detect additional weakness, please contribute on SDK or Scanner

Cumulus SDK for JavaScript

The official Cumulus SDK for JavaScript, providing as npm

Note: current version is unsupported version on typescript project but we considering now and gonna make it, quickly! (#2)

Installation

To install a SDK, simply add package like belows:

npm install --save https://github.com/tophat-cloud/cumulus
yarn add https://github.com/tophat-cloud/cumulus

Setup and usage of SDK always follow the same principle.

import { protect, captureMessage } from 'cumulus';

protect({
key: '__key__',
});

captureMessage('Hello, world!');

If you haven’t __key__, please sign-up and create project to get to key

Contents

Resources

Author

@Jinny You  from TopHat

click here to read full Article

Read More on Pentesting Tools

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *