What is a CGI Scanner?

"Automated security program that searches for well-known vulnerabilities in web servers and off-the-shelf web application software. Often CGI Scanners are not very “stateful” in their analysis and only test a series HTTP requests against known CGI strings" - Web Application Security Consortium Glossary

CGI Scanners are very simple tools that look for common CGIs or web applications that are vulnerable, and attempt to exploit them. While useful for finding common files and known vulnerabilities, they usually lack the ability to keep state and don't check for unknown web vulnerabilities. CGI Scanners have been replaced by "Web Application Security Scanners".
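The stateless behaviour described above leaves a recognisable trace in a web server access log: one client asks for many distinct paths, most are not found, and no request carries a Referer. The following is an added example, not code from the glossary or from any scanner; the log lines, thresholds and function name are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample log (combined log format). IPs come from documentation ranges.
_probe = ('198.51.100.7 - - [10/Oct/2023:13:55:0{i} +0000] '
          '"GET /cgi-bin/sample-{i}.cgi HTTP/1.0" {st} 209 "-" "-"')
SAMPLE_LOG = "\n".join(
    [_probe.format(i=i, st=200 if i == 3 else 404) for i in range(6)] + [
        '203.0.113.20 - - [10/Oct/2023:13:56:00 +0000] "GET /index.html HTTP/1.1" '
        '200 512 "-" "Mozilla/5.0"',
        '203.0.113.20 - - [10/Oct/2023:13:56:01 +0000] "GET /cgi-bin/search.cgi?q=a HTTP/1.1" '
        '200 900 "http://www.example.com/index.html" "Mozilla/5.0"',
        '203.0.113.20 - - [10/Oct/2023:13:56:02 +0000] "GET /missing.png HTTP/1.1" '
        '404 209 "http://www.example.com/index.html" "Mozilla/5.0"',
    ])

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"')

def find_probable_scanners(log_text, min_paths=5, min_miss_ratio=0.8):
    """Return {ip: summary} for clients whose requests look like a stateless path sweep."""
    stats = defaultdict(lambda: {"paths": set(), "misses": 0, "total": 0, "linked": 0})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of guessing at their fields
        s = stats[m["ip"]]
        s["total"] += 1
        s["paths"].add(m["path"].split("?", 1)[0])  # ignore query strings
        s["misses"] += m["status"] == "404"
        s["linked"] += m["referer"] not in ("", "-")  # request followed a link
    flagged = {}
    for ip, s in stats.items():
        miss_ratio = s["misses"] / s["total"]
        # Many distinct paths, mostly not found, none reached by following a page link.
        if (len(s["paths"]) >= min_paths and miss_ratio >= min_miss_ratio
                and s["linked"] == 0):
            flagged[ip] = {"distinct_paths": len(s["paths"]),
                           "miss_ratio": round(miss_ratio, 2)}
    return flagged

if __name__ == "__main__":
    print(find_probable_scanners(SAMPLE_LOG))
```

The thresholds are starting points only; tune them against your own traffic, since link checkers and monitoring probes can produce a similar pattern.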

Also see: Web Application Security Scanner

