Vulnerabilities / Threats
7/26/2013
02:59 PM
Dark Reading
Dark Reading
Products and Releases
Connect Directly
RSS
E-Mail
50%
50%

Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining

System produces an actionable list of recommendations for Web site owners

ROSLYN HEIGHTS, N.Y., July 26, 2013 /PRNewswire/ -- The newly released Scanner from ScrapeDefender is the first and only web anti-scraping vulnerability scanner. Designed to quickly identify a web site's weak points, the tool is available now at http://www.scrapedefender.com.

ScrapeDefender's vulnerability scanner functions like a personal anti-scraping consultant, peering deep into the site's code to pinpoint weaknesses. The system then produces an actionable list of recommendations for website owners. Results from a scan are presented in plain English, so there's no delay between seeing a problem and fixing the problem.

Scraping is a big, somewhat shadowy business: ScrapeDefender estimates that content scraping is a $1 billion industry (comprised of software and services) with losses from content theft close to $10 billion. In the past year, Internet job boards have advertised an average of 147 scraping jobs daily as documented by ScrapeDefender's in-house team.

According to Robert Kane, CEO of ScrapeDefender, "Scraping is pervasive among small and large companies including many in the Fortune 1000. Yet many of these same companies also engage in targeted scraping of other sites, borrowing content they do not own and siphoning away value to enhance their own brands."

Bondview, the largest free web site for municipal bond investors, decided to use ScrapeDefender after manually blacklisting suspicious IP addresses. Chris Madden, Product Manager of Bondview, explained, "Bondview's data is its primary economic asset so our business literally depends on protecting it. But rather than employees manually performing IP address blocking, ScrapeDefender automates this protection expertly for us at a fraction of the cost."

Travel, publishing and consumer product websites are among the most attractive targets for scrapers that steal valuable information like price data to use as a competitive advantage.

Any web site owner in any industry that values their content should assess their vulnerability to scraping. Web scrapers extract millions of pieces of information silently and quickly.

Beyond the Scanner, ScrapeDefender has two more protection products releasing soon: The Security tool functions like a roadblock by stopping bots from stealing web site content. The integrated Monitoring tool will offer real-time alerting of suspicious activity. Used together, these three tools provide companies with end-to-end anti-scraping protection of their online information.

ScrapeDefender's mission is to make the Internet safer for businesses by protecting their work. More information on scraping and its harmful effects is available at http://scrapedefender.com/education/.

About ScrapeDefender

ScrapeDefender was founded in 2011 by veteran network security and web content professionals with experience at RSA Security, Getty Images, Goldman Sachs, JP Morgan, Citibank, Ernst & Young, EMC and others. As creators and publishers of web sites with valuable content, the founders were tired of seeing their information copied and or stolen via the Internet.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
ZachB423
50%
50%
ZachB423,
User Rank: Apprentice
2/6/2014 | 7:06:46 PM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
I tried to give it a shot and their website is garbage. The "free scan" didn't do anything at all when I repeatedly clicked it, I didn't even get a spinning icon to indicate any kind of load that was taking place. So then I figured maybe if I signed up it would work. So, I get into the trial account and this time it gives me the normal "waiting" indicator in my browser to show a page is loading but it repeatedly kept timing out. I then realized they sent me a "confirmation link" so I click that and it is a 404 page that says "page not found. Then I gave it one more try on the "scan" page with the same time-out results before saying screw it. Horrible UX and that's probably why I never heard of them until researching today.
BarryH435
50%
50%
BarryH435,
User Rank: Apprentice
8/4/2013 | 3:26:04 PM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
Is the tool similar to numerous monitoring tools that exist on the market eg Anturis? Can we use your tool as a monitoring one? what is better?
JimW319
50%
50%
JimW319,
User Rank: Apprentice
7/27/2013 | 1:46:55 AM
re: Anti-Scraping Scanning Tool Reveals Web Site Vulnerabilities To Block Web Scraping Snd Data Mining
The back story on ScrapeDefender is their CEO Robert Kane, was the original founder of the Intrusion Detection. He was there at the beginning. He also created the Kane Security product line which RSA Security acquired. Under his guidance I expect some good stuff from ScrapeDefender.
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Must Reads - September 25, 2014
Dark Reading's new Must Reads is a compendium of our best recent coverage of identity and access management. Learn about access control in the age of HTML5, how to improve authentication, why Active Directory is dead, and more.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2012-5619
Published: 2014-09-29
The Sleuth Kit (TSK) 4.0.1 does not properly handle "." (dotfile) file system entries in FAT file systems and other file systems for which . is not a reserved name, which allows local users to hide activities it more difficult to conduct forensics activities, as demonstrated by Flame.

CVE-2012-5621
Published: 2014-09-29
lib/engine/components/opal/opal-call.cpp in ekiga before 4.0.0 allows remote attackers to cause a denial of service (crash) via an OPAL connection with a party name that contains invalid UTF-8 strings.

CVE-2012-6107
Published: 2014-09-29
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.

CVE-2012-6110
Published: 2014-09-29
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessing an open file descriptor.

CVE-2013-1874
Published: 2014-09-29
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
In our next Dark Reading Radio broadcast, we’ll take a close look at some of the latest research and practices in application security.