Application Security Vulnerabilities Scanned For

Recurring and one time scans both have the same scan specifications and search for the same set of common website vulnerabilities. the focus of the scan is providing a comprehensive security analysis, providing meaningful insight to business risk. Information is presented so non-technical users can take advantage of scan findings, and technical users will find all the details required to correct issues found by the scanner.

Many vulnerabilities scanned also have detailed articles in the security articles section. If you don't understand what one of these vulnerabilities is, browse the articles to find some examples.

Scanned Vulnerability List

• SQL Injection (Including Blind SQL Injection)
• Server Side Command / Shell Injection vectors
• XML and XPATH Injection
• String Format Vulnerabilities
• Integer Overflow Vulnerabilities
• HTTP PUT protocol which can be posted to without authorization
• XSS (Cross site scripting) attacks, both stored and reflected
• HTTP Header splitting
• Improper SSL configuration, or password forms without SSL
• File Inclusions
• Server misconfigurations, including bad cookie caching, server and application version information, error messages, and directory traversal
• Improper character sets, or incorrect file typing

Scan Methodology

Scans span thousands of vulnerability checks across the application, including crawling the target site. This can usually be completed in a few minutes, though some sites may take longer. In depth scans may complete tens of thousands of tests against the target site, ensuring a full and deep scan of all the pages and attack landscape.

In every case, we attempt to rate limit requests so as not to impact the target server performance. Because this can add additional load of concurrent users on your software, it is recommended to scan a QA server if it is accessible from the internet, or to watch carefully while a scan is being performed to check for any adverse effects.

The maximum number of concurrent threads testing a given website is 10. This can simulate 10 users clicking links in your application as fast as the pages can load. The threads use keep-alive by default. In some Apache configurations, these 10 workers can use up all available web server listeners, and if keep alive on the server is set to several seconds, it is possible for the scanner to use up all Apache threads. When the scanner sees this kind of behavior, it attempts to back off by reducing the number of threads and reducing the request rate. If you see negative impact on server performance during a scan, please notify our team and we will manually tune the scanning job for your site to minimize scan impact.