Web Application Scanner
Our Website Application Scanner is a customized tool designed by our technical team to quickly assess the security of a web application. It is a full web application scanner, capable of performing wide-ranging security assessments against any type of web application.
The scanner finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.
list of tests performed
Fingerprint web server software
Analyze HTTP headers for security misconfiguration
Check the security of HTTP cookies
Check the SSL certificate of the server
Check if the server software is affected by known vulnerabilities
Analyze robots.txt for interesting URLs
Check whether a client access file exists, and if it contains a wildcard entry (clientaccesspolicy.xml, crossdomain.xml)
Discover server configuration problems such as Directory Listing
Crawl website
Check for SQL Injection
Check for Cross-Site Scripting
Check for Local File Inclusion and Remote File Inclusion
Check for OS Command Injection
Check for outdated JavaScript libraries
Find administrative pages
Check for sensitive files (archives, backups, certificates, key stores) based on hostname and some common words
Attempt to find interesting files/functionality
Check for information disclosure issues
