PT BlackBox Scanner

The main articles are:

• Software and hardware vulnerabilities
• SaaS - History. Philosophy. Development drivers

BlackBox Scanner is a cloud service for identifying vulnerabilities in web applications.

BlackBox (on-premium version)

Main article: on-premium BlackBox scanner

2024: Web Application Security Analysis Release

Positive Technologies in August 2024 introduced an updated version of its PT BlackBox Scanner, a cloud-based vulnerability scanner designed to analyze the security of web applications. This freely available tool allows you to detect vulnerabilities in the code and configurations of web resources using the dynamic analysis method (DAST). The scanner is already available for everyone to use.

According to the developers, PT BlackBox Scanner has received dozens of new features and improvements, including the ability to download a detailed report on the results of the audit. The service is capable of performing more than 110 types of checks, simulating real attacks on running web applications to identify weaknesses that can be exploited by attackers.

𝓲

Positive Technologies

One of the main innovations was the optimization of the scanning process, which made it possible to speed up application validation by half. A profile was also added to scan the perimeter of applications in order to search for subdomains and open ports, which makes it possible to identify additional vulnerable resources that are not intended for public access. The updated version also includes special checks for the popular 1C-Bitrix platform, which allows you to take into account new critical vulnerabilities.

In addition, the service received a large-scale update of the knowledge base about known vulnerabilities, as well as scenarios for verifying them. An important function was to filter the found vulnerabilities by their criticality, which simplifies the prioritization of work on security.

According to Sergey Sinyakov, project manager at PT BlackBox, the main goal of the company is to develop a cloud version of the scanner, which will eventually completely replace the old one. The new version retains the familiar interface, but offers improved features based on user feedback. In addition, the scanner now uses a new engine similar to that used in other flagship Positive Technologies products.

2017: BlackBox Scanner free online service beta launch

On May 23, 2017, Positive Technologies announced the launch of a public beta testing of a free online service for detecting vulnerabilities in BlackBox Scanner web applications.

Users can start verification without registering and confirming ownership of the site. The service is based on Positive Technologies enterprise-level application security technologies. You can also check the sites operating on the local network.

Screenshot of the page screen, (2017)

An open source agent allows to prevent anonymous exploitation of the service and maintain ease of use, which makes it possible not to confirm the fact of ownership of the site, ensuring that all scan requests are tunneled through the user's PC to the scanned site. Another way to protect PT BlackBox Scanner from anonymous use is to confirm ownership by placing special code in the root directory of the site.

The service is focused on those interested in protecting web applications: from site owners to companies and experts testing the security of their clients' sites.

Vulnerabilities in web applications today are one of the most common compromise vectors. Large and small businesses are actively translating their activities into a digital plane, so the insecurity of web applications is fraught with legal and economic risks, disclosure of user personal data and fraud. We want to bring security to the forefront, empower people to find vulnerabilities in their infrastructure themselves and get ahead of bad actors. We also believe that our knowledge and expertise will help make the virtual world safer, and that's why our PT BlackBox Scanner is free. Maxim Filippov, Business Development Director of Positive Technologies in Russia