Tuesday 17 December 2013

21:11

Netsparker is the only False-positive-free web
application security scanner. Simply point it at your website and it
will automatically discover the flaws that could leave you dangerously
exposed.


Netsparker identifies:

Error Based SQL Injections
Boolean SQL Injections
Blind (Time Based) SQL Injections

Netsparker identifies Permanent/Stored and Reflective Cross-site Scripting. Cross-site Scripting issues can be identified in parameters or in the URL.

Netsparker carries out several different attacks to bypass known and custom weak protection.

Netsparker detects if it’s possible for an attacker to inject a remote file into the site in order to execute JavaScript in the current page. This is a typical technique used by attackers to carry out Cross-site Scripting attacks.

Netsparker also detects Cross-site Scripting issues in URLs. This type of attack is common in websites using URL Rewrite and PHP.

Netsparker detects pages that are susceptible to Command Injection, whereby input data is interpreted as an operating system command.

This type of vulnerability can allow an attacker to gain full access over the server and the web application.

Netsparker detects pages that are susceptible to Blind Command Injection, whereby input data is interpreted as an operating system command but the result can’t be directly identified from the output of the page. Netsparker identifies Blind Command Injections by carrying out several requests and analyzing the time differences.

This type of vulnerability can allow an attacker to gain full access over the server and the web application.
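The time-difference analysis mentioned above (it applies equally to time-based blind SQL injection) can be sketched as follows. This is an added example, not Netsparker's code or algorithm: the function names, the 25% tolerance, the minimum sample count and the timing samples are all assumptions made for illustration.

```python
from statistics import median

def extra_latency(baseline, probe):
    """Median probe time minus median baseline time (medians resist outliers)."""
    return median(probe) - median(baseline)

def classify(baseline, probes, tolerance=0.25, min_samples=3):
    """Decide whether requested delays are reflected in response times.

    baseline: response times (seconds) for unmodified requests.
    probes:   {requested_delay_seconds: [response times]} for delay probes.
    Returns "likely", "unlikely" or "inconclusive".
    The tolerance and min_samples defaults are assumed values.
    """
    groups = [baseline, *probes.values()]
    if len(probes) < 2 or any(len(g) < min_samples for g in groups):
        return "inconclusive"          # not enough evidence either way
    jitter = max(baseline) - min(baseline)
    hits = 0
    for requested, times in probes.items():
        if requested <= jitter:
            return "inconclusive"      # delay is lost in normal timing noise
        extra = extra_latency(baseline, times)
        if abs(extra - requested) <= tolerance * requested:
            hits += 1
    if hits == len(probes):
        return "likely"                # latency tracks every requested delay
    return "unlikely" if hits == 0 else "inconclusive"

# Constructed timing samples (seconds); not measurements from any real site.
SAMPLES = {
    "delay reflected": ([0.21, 0.19, 0.23, 0.20],
                        {3: [3.22, 3.18, 3.25], 6: [6.20, 6.24, 6.19]}),
    "no effect":       ([0.20, 0.20, 0.25, 0.20],
                        {3: [0.22, 0.21, 0.24], 6: [0.20, 0.23, 0.21]}),
    "noisy server":    ([0.20, 4.10, 0.30, 3.80],
                        {3: [3.30, 0.40, 3.90], 6: [6.10, 0.50, 6.40]}),
    "one-off slowdown": ([0.20, 0.21, 0.19],
                         {3: [3.20, 3.30, 3.10], 6: [3.30, 3.20, 3.25]}),
}

if __name__ == "__main__":
    for name, (baseline, probes) in SAMPLES.items():
        print(f"{name}: {classify(baseline, probes)}")
```

Requiring the extra latency to scale with two different requested delays is what separates a real finding from a server that is merely slow or noisy.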

Netsparker detects Local File Inclusion and Arbitrary File Reading issues. It detects if an attacker can access files and source code from the server on both Windows and *nix systems. It carries out advanced checks, uses process directories, Null byte injection attacks, dynamic file extension replacements and many other methods to bypass weak filters and blacklistings.

In addition, it checks if the Local File Inclusion can be used for executing remote commands by injecting code into log files.

Netsparker has exploitation features for Local File Inclusion attacks.

Netsparker detects if the application is vulnerable to Remote File Inclusions which allow an attacker to inject a remote file and execute code on the server.

Netsparker carries out several dynamic requests, and tries to bypass many weaknesses and blacklistings.

Netsparker detects if the application evaluates/executes given code within itself by using dangerous calls such as eval().
