• Jeremy Druin

Retiring Obsolete JavaScript Libraries

Updated: Apr 2

One of the most overlooked issues in web applications is vulnerabilities in someone else's code: third-party JavaScript libraries. Vendors regularly patch libraries, but developers may not realize that new versions are available or that current versions have problems. Being aware of issues in JavaScript libraries is key.

Retire.js is a scanner that identifies the version of each library running in a web application, then checks that version for known issues. Retire.js is often used as a plugin within the OWASP ZAP or Burp Suite vulnerability scanners. Retire.js is also available as a browser add-on for Firefox and Chrome. The browser extension monitors libraries while the user is surfing. This makes it easy for developers to stay on the lookout for problems while developing and testing applications.
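The two steps described above (identify the library version, then check it against known issues) can be sketched as follows. This is an added example, not Retire.js code: the library names, advisory ranges and URLs are constructed placeholders, and identifying the version from the script filename alone is a simplifying assumption.

```javascript
// Added illustration, not Retire.js source. Library names and advisory
// ranges are constructed placeholders, not real vulnerability data.
const ADVISORIES = [
  { library: "examplelib", atOrAbove: "1.0.0", below: "3.5.0", note: "constructed advisory A" },
  { library: "samplewidgets", atOrAbove: "2.0.0", below: "2.1.4", note: "constructed advisory B" },
];

// Step 1: pull name and version out of filenames such as
// examplelib-3.4.1.min.js or samplewidgets.2.0.9.js?v=7
const FILENAME_RE =
  /\/([a-z][a-z0-9_]*(?:-[a-z][a-z0-9_]*)*)[-.](\d+(?:\.\d+){1,2})(?:\.min)?\.js(?:[?#].*)?$/i;

function identify(url) {
  const m = FILENAME_RE.exec(url);
  return m ? { library: m[1].toLowerCase(), version: m[2] } : null;
}

// Compare dotted versions numerically, so 3.10.0 sorts above 3.5.0
// (a plain string comparison would get this wrong).
function compareVersions(a, b) {
  const pa = a.split(".").map(Number);
  const pb = b.split(".").map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const diff = (pa[i] || 0) - (pb[i] || 0);
    if (diff !== 0) return Math.sign(diff);
  }
  return 0;
}

// Step 2: report every script whose version falls inside an advisory range.
function scan(urls) {
  const findings = [];
  for (const url of urls) {
    const hit = identify(url);
    if (!hit) continue; // no version in the filename: cannot be assessed this way
    for (const adv of ADVISORIES) {
      if (adv.library === hit.library &&
          compareVersions(hit.version, adv.atOrAbove) >= 0 &&
          compareVersions(hit.version, adv.below) < 0) {
        findings.push({ url, ...hit, note: adv.note });
      }
    }
  }
  return findings;
}

// Constructed sample input: script URLs as they might appear in a page.
const SAMPLE_URLS = [
  "https://app.example/static/examplelib-3.4.1.min.js",
  "https://app.example/static/examplelib-3.10.0.js",
  "https://app.example/static/samplewidgets.2.0.9.js?v=7",
  "https://app.example/static/app.js",
];
console.log(scan(SAMPLE_URLS));
```

Scripts with no version in the filename, such as `app.js` here, produce no finding, so a clean result from filename matching alone does not show that a page is free of outdated libraries.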

To learn more about using Retire.js as a browser extension, check out the following video.



