Vulnerabilities / Threats
7/26/2013
02:59 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining

System produces an actionable list of recommendations for Web site owners

ROSLYN HEIGHTS, N.Y., July 26, 2013 /PRNewswire/ -- The newly released Scanner from ScrapeDefender is the first and only web anti-scraping vulnerability scanner. Designed to quickly identify a web site's weak points, the tool is available now at http://www.scrapedefender.com.

ScrapeDefender's vulnerability scanner functions like a personal anti-scraping consultant, peering deep into the site's code to pinpoint weaknesses. The system then produces an actionable list of recommendations for website owners. Results from a scan are presented in plain English, so there's no delay between seeing a problem and fixing the problem.

Scraping is a big, somewhat shadowy business: ScrapeDefender estimates that content scraping is a $1 billion industry (comprised of software and services) with losses from content theft close to $10 billion. In the past year, Internet job boards have advertised an average of 147 scraping jobs daily as documented by ScrapeDefender's in-house team.

According to Robert Kane, CEO of ScrapeDefender, "Scraping is pervasive among small and large companies including many in the Fortune 1000. Yet many of these same companies also engage in targeted scraping of other sites, borrowing content they do not own and siphoning away value to enhance their own brands."

Bondview, the largest free web site for municipal bond investors, decided to use ScrapeDefender after manually blacklisting suspicious IP addresses. Chris Madden, Product Manager of Bondview, explained, "Bondview's data is its primary economic asset so our business literally depends on protecting it. But rather than employees manually performing IP address blocking, ScrapeDefender automates this protection expertly for us at a fraction of the cost."

Travel, publishing and consumer product websites are among the most attractive targets for scrapers that steal valuable information like price data to use as a competitive advantage.

Any web site owner in any industry that values their content should assess their vulnerability to scraping. Web scrapers extract millions of pieces of information silently and quickly.

Beyond the Scanner, ScrapeDefender has two more protection products releasing soon: The Security tool functions like a roadblock by stopping bots from stealing web site content. The integrated Monitoring tool will offer real-time alerting of suspicious activity. Used together, these three tools provide companies with end-to-end anti-scraping protection of their online information.

ScrapeDefender's mission is to make the Internet safer for businesses by protecting their work. More information on scraping and its harmful effects is available at http://scrapedefender.com/education/.

About ScrapeDefender

ScrapeDefender was founded in 2011 by veteran network security and web content professionals with experience at RSA Security, Getty Images, Goldman Sachs, JP Morgan, Citibank, Ernst & Young, EMC and others. As creators and publishers of web sites with valuable content, the founders were tired of seeing their information copied and or stolen via the Internet.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ZachB423
50%
50%
ZachB423,
User Rank: Apprentice
2/6/2014 | 7:06:46 PM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
I tried to give it a shot and their website is garbage. The "free scan" didn't do anything at all when I repeatedly clicked it, I didn't even get a spinning icon to indicate any kind of load that was taking place. So then I figured maybe if I signed up it would work. So, I get into the trial account and this time it gives me the normal "waiting" indicator in my browser to show a page is loading but it repeatedly kept timing out. I then realized they sent me a "confirmation link" so I click that and it is a 404 page that says "page not found. Then I gave it one more try on the "scan" page with the same time-out results before saying screw it. Horrible UX and that's probably why I never heard of them until researching today.
BarryH435
50%
50%
BarryH435,
User Rank: Apprentice
8/4/2013 | 3:26:04 PM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
Is the tool similar to numerous monitoring tools that exist on the market eg Anturis? Can we use your tool as a monitoring one? what is better?
JimW319
50%
50%
JimW319,
User Rank: Apprentice
7/27/2013 | 1:46:55 AM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
The back story on ScrapeDefender is their CEO Robert Kane, was the original founder of the Intrusion Detection. He was there at the beginning. He also created the Kane Security product line which RSA Security acquired. Under his guidance I expect some good stuff from ScrapeDefender.
Register for Dark Reading Newsletters
White Papers
Flash Poll
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2011-3154
Published: 2014-04-17
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 does not properly create temporary files, which allows local users to obtain the XAUTHORITY file conte...

CVE-2013-2143
Published: 2014-04-17
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by setting a user account to an administrator account.

CVE-2014-0036
Published: 2014-04-17
The rbovirt gem before 0.0.24 for Ruby uses the rest-client gem with SSL verification disabled, which allows remote attackers to conduct man-in-the-middle attacks via unspecified vectors.

CVE-2014-0054
Published: 2014-04-17
The Jaxb2RootElementHttpMessageConverter in Spring MVC in Spring Framework before 3.2.8 and 4.0.0 before 4.0.2 does not disable external entity resolution, which allows remote attackers to read arbitrary files, cause a denial of service, and conduct CSRF attacks via crafted XML, aka an XML External ...

CVE-2014-0071
Published: 2014-04-17
PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections.

Best of the Web