Web Application Vulnerability Scanners
# 鬼仔:在包子那里看到的。
Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA tools are unaware.
Contents |
Web Application Security
Web Applications Issues
- Scripting issues
- Sources of input: forms, text boxes, dialog windows, etc.
- Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
- Regular expression checks
- Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
- Session handling/fixation
- Cookies
- Framework vulnerabities(Java Server Pages, .NET, Ruby On Rails, Django, etc.)
- Success control: front door, back door vulnerability assessment
- Penetration attempts versus failures
Technical vulnerabilities
- Unvalidated input:
- Tainted parameters – Parameters users in URLs, HTTP headers, and forms are often used to control and validate access to sentitive information.
- Tainted data
- Cross-Site Scripting flaws:
- XSS takes advantage of a vulnerable web site to attack clients who visit that web site. The most frequent goal is to steal the credentials of users who visit the site.
- Content Injection flaws:
- Data injection
- SQL injection – SQL injection allows commands to be executed directly against the database, allowing disclosure and modification of data in the database
- XPath injection – XPath injection allows attacker to manipulate the data in the XML database
- Command injection – OS and platform commands can often be used to give attackers access to data and escalate privileges on backend servers.
- Process injection
- Cross-site Request Forgeries
Security Vulnerabilities
- Denial of Service
- Broken access control
- Path manipulation
- Broken session management (synchronization timing problems)
- Weak cryptographic functions, Non salt hash
Architectural/Logical Vulnerabilities
- Information leakage
- Insufficient authentification
- Password change form disclosing detailed errors
- Session-idle deconstruction not consistent with policies
- Spend deposit before deposit funds are validated
Other vulnerabilities
- Debug mode
- Thread Safety
- Hidden Form Field Manipulation
- Weak Session Cookies: Cookies are often used to transit sensitive credentials, and are often easily modified to escalate access or assume another user’s identify.
- Fail Open Authentication
- Dangers of HTML Comments
Some Instances
By selecting almost any of these links, you will be leaving NIST webspace. We provide these links because they may have information of interest to you. No inferences should be drawn because some sites are referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the assertions presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites.
Please contact us if you think something should be included. If it has all the characteristics of the tool, techniques, etc., we will be happy to add it. We can be contacted at http://samate.nist.gov/Images/sam8ATnistDOTguv.jpg
Commercial tools
- Acunetix WVS by Acunetix
- AppScan DE by IBM/Watchfire, Inc.
- Hailstorm by Cenzic
- N-Stealth by N-Stalker
- NTOSpider by NTObjectives
- WebInspect by HP/SPI-Dynamics
- WebKing by Parasoft
- elanize’s Security Scanner by Elanize KG
- MileScan Web Security Auditor by MileSCAN Tech
- WebApp360 by nCircle
Free/OpenSource Tools
- Grabber by Romain Gaucher
- Grendel-Scan by David Byrne and Eric Duprey
- Nikto by Sullo
- Pantera by Simon Roses Femerling (OWASP Project)
- Paros by Chinotec
- Powerfuzzer by Marcin Kozlowski
- Spike Proxy by Immunity (Now as OWASP Pantera)
- WebScarab by Rogan Dawes of Aspect Security (OWASP Project)
- Wapiti by Nicolas Surribas
- W3AF by Andres Riancho
- SecurityQA Toolbar by iSEC Partners
A more complete list of tools is available in the OWASP Phoenix/Tools
不是很懂
站点喜欢不错哦。欢迎回访