Foundstone Releases SiteDigger to Help Identify Web Site Information Leakage; Free Tool Utilizes Google Search Engine to Pinpoint Potential Exposures

Business Wire, May 27, 2004

Business Editors/High-Tech Writers

MISSION VIEJO, Calif.--(BUSINESS WIRE)--May 27, 2004

Foundstone Inc., experts in strategic security, today announced the availability of SiteDigger(TM), a free tool designed to help identify potential sources of information leakage on public Web sites. SiteDigger uses Google's indexed search information to quickly pinpoint human error vulnerabilities such as the accidental exposure of confidential information including financial records, passwords, and personal information on an organization's Web site. Armed with a profile of their Web site weaknesses, organizations can work to proactively remediate their vulnerabilities, minimizing risk of exploitation.

SiteDigger is the first automated tool using Google to help identify information leakage and uses more than 150 unique signatures to quickly and easily identify vulnerabilities in seven categories including: privacy, back-up files, configuration mistakes, remote administrator interface, error messages, public vulnerabilities, and technology profile. The tool provides signature update functionality and a dynamic graphical user interface which was built using C#, SOAP and Web services on the Microsoft.NET framework. SiteDigger will support the OASIS WAS classification scheme for Web security vulnerabilities when it is finalized later this month. SiteDigger users can optimize their number of searches per day by using their own Google license key.

"The primary goal of most Web sites is to communicate information," commented Mark Curphey, director of consulting for Foundstone and founder of OWASP. "However, many organizations are innocently sharing more information than they realize via their sites, putting sensitive information at risk. SiteDigger helps organizations proactively find those holes so they can be plugged before any potential damage is done."

SiteDigger is one of several free tools that will be made available through Foundstone's newly launched S3i(TM) service line. S3i (Strategic Secure Software Initiative) helps Foundstone clients define, design, develop, deploy and maintain reliable and secure software. By understanding and managing inherent risk and measurably improving the software development life cycle, Foundstone helps its clients reduce development costs and improve performance. To find out more about S3i and to download the free SiteDigger tool and white paper, visit http://www.foundstone.com/s3i. Foundstone's Curphey will also host a Webcast on June 24, 2004 entitled Google Hacking & SiteDigger: How to Stop Giving Critical Info to Hackers. More information and registration can be found at http://www.globalknowledge.com/training/course.asp?pageid=9&courseid= 8658&catid=248&methodid=s&country=United States&translation=English.

Foundstone's Enterprise Risk Solutions(TM) software helps organizations comprehensively discover, inventory, prioritize, and remediate all assets on a global network. The suite provides exceptionally accurate, high-speed vulnerability assessment of all network assets, intuitive reports and metrics, and a tightly integrated threat correlation module which correlates critical threats with prioritized assets so security and network operations can focus on the assets that matter the most.

About Foundstone

Foundstone(R) Inc., experts in strategic security, offers a unique combination of software, services, and education to help organizations continuously and measurably protect the most important assets from the most critical threats. Through a strategic approach to security, Foundstone identifies and implements the right balance of technology, people, and process to manage digital risk and leverage security investments more effectively. The company has one of the most dominant security talent pools ever assembled, and has authored twenty books, including the best-seller Hacking Exposed. Foundstone customers include six of the top 11 Fortune companies and many U.S. government agencies. The company is headquartered in Orange County, Calif., and has offices in San Antonio, New York, Washington, D.C., and Singapore. For more information about Foundstone, visit www.foundstone.com, or call 877-91-FOUND within the U.S., and 949-297-5600 outside the U.S.

Note to Editors: Foundstone, SiteDigger, S3i and Foundstone Enterprise are trademarks of Foundstone Inc. All other companies, brand names or products are trademarks or registered trademarks of their respective companies.