Web Application Vulnerability Scanners

# 鬼仔:在包子那里看到的。


Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA tools are unaware.


Web Application Security

Web Applications Issues

  • Scripting issues
  • Sources of input: forms, text boxes, dialog windows, etc.
  • Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
  • Regular expression checks
  • Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
  • Session handling/fixation
  • Cookies
  • Framework vulnerabities(Java Server Pages, .NET, Ruby On Rails, Django, etc.)
  • Success control: front door, back door vulnerability assessment
  • Penetration attempts versus failures

Technical vulnerabilities

  • Unvalidated input:
    • Tainted parameters – Parameters users in URLs, HTTP headers, and forms are often used to control and validate access to sentitive information.
    • Tainted data
  • Cross-Site Scripting flaws:
    • XSS takes advantage of a vulnerable web site to attack clients who visit that web site. The most frequent goal is to steal the credentials of users who visit the site.
  • Content Injection flaws:
    • Data injection
    • SQL injection – SQL injection allows commands to be executed directly against the database, allowing disclosure and modification of data in the database
    • XPath injection – XPath injection allows attacker to manipulate the data in the XML database
    • Command injection – OS and platform commands can often be used to give attackers access to data and escalate privileges on backend servers.
    • Process injection
  • Cross-site Request Forgeries

Security Vulnerabilities

  • Denial of Service
  • Broken access control
  • Path manipulation
  • Broken session management (synchronization timing problems)
  • Weak cryptographic functions, Non salt hash

Architectural/Logical Vulnerabilities

  • Information leakage
  • Insufficient authentification
  • Password change form disclosing detailed errors
  • Session-idle deconstruction not consistent with policies
  • Spend deposit before deposit funds are validated

Other vulnerabilities

  • Debug mode
  • Thread Safety
  • Hidden Form Field Manipulation
  • Weak Session Cookies: Cookies are often used to transit sensitive credentials, and are often easily modified to escalate access or assume another user’s identify.
  • Fail Open Authentication
  • Dangers of HTML Comments

Some Instances

DISCLAIMER: Certain trade names and company products are mentioned in the text or identified. In no case does such identification imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor does it imply that the products are necessarily the best available for the purpose.

By selecting almost any of these links, you will be leaving NIST webspace. We provide these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.

Please contact us if you think something should be included. If it has all the characteristics of the tool, techniques, etc., we will be happy to add it. We can be contacted at http://samate.nist.gov/Images/sam8ATnistDOTguv.jpg

Commercial tools

Free/OpenSource Tools

A more complete list of tools is available in the OWASP Phoenix/Tools


楼被抢了 4 层了... 抢座Rss 2.0或者 Trackback