Bypass Qualys and Acunetix Using GWT

Posted on Updated on

We all heard about vulnerability scanners such as Qualys and Acunetix and how they’re at the forefront of security! Right until they hit a website created using the Google Web Toolkit otherwise known as GWT.

Trying to scan a web application created using GWT with Qualys or Acunetix results in utter failure. With all the propaganda being spewed out by those companies on how advanced they are, they cannot even properly scan a GWT web app. It’s not like GWT is something special, it’s just JavaScript, Ajax, HTML5 and CSS all smashed together.

People have even raised the issue that GWT built apps are not supported by Acunetix as is shown in this issue. Poor thing has no replies and is date from last year. Yes, this is how much Acunetix cares.

Qualys has no mention on GWT support, but I can assure all that they do not have any support. Mainly because I developed a large GWT web app and we tried scanning it with Qualys and it fails numerous times. It cannot even get past the log in page. Issues were raised like months ago and it seems they’re struggling.

Why is this bad?

Well according to InfoSecurity Magazine most open-source frameworks have security vulnerabilities. Most get used in mission critical applications and the user or company may not know that vulnerabilities exists nor if new versions were released that fixed those. This being said, according to InfoSecurity Magazine Google Web Toolkit was downloaded 17.7 million times with known vulnerabilities and this was dated in April 2012. So that means GWT version 2.4.0 has the vulnerabilities and maybe people should read the changelog of release candidate 2.5.0.

Leave a Comment

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s