• Home

  • Technology

  • WebCruiser Web Vulnerability Scanner Test Report with WAVSEP
13
WebCruiser Web Vulnerability Scanner Test Report V3.1.0 Made by Janusec (http://www.janusec.com ) 1. Test Report 1.1. SQL Injection Test Report Input Vector Test Cases Cases Count Report Pass Rate GET Input Vector Erroneous 500 Responses 19 19 100% Erroneous 200 Responses 19 19 100% 200 Responses With Differentiation 19 19 100% Identical 200 Responses 8 8 100% POST Input Vector Erroneous 500 Responses 19 19 100% Erroneous 200 Responses 19 19 100% 200 Responses With Differentiation 19 19 100% Identical 200 Responses 8 8 100% GET Input Vector Experimental Insert / Delete / Other 1 1 100% POST Input Vector - Experimental Insert / Delete / Other 1 1 100% 1.2. XSS Test Report Input Vector Test Cases Cases Count Report Pass Rate GET Input Vector ReflectedXSS 32 32 100% POST Input Vector ReflectedXSS 32 32 100% Cookie Input Vector - Experimental ReflectedXSS 1 1 100% GET Input Vector - Experimental ReflectedXSS 11 11 100% POST Input Vector - Experimental ReflectedXSS 11 11 100% GET Input Vector - Experimental DomXSS 4 4 100%

WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

  • Upload
    u2

  • View
    67

  • Download
    4

Tags:

Embed Size (px)

Citation preview

Page 1: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

WebCruiser Web Vulnerability Scanner Test Report V3.1.0 Made by Janusec (http://www.janusec.com )

1. Test Report

1.1. SQL Injection Test Report

Input Vector Test Cases Cases Count Report Pass Rate

GET Input Vector

Erroneous 500 Responses 19 19 100%

Erroneous 200 Responses 19 19 100%

200 Responses With

Differentiation 19 19 100%

Identical 200 Responses 8 8 100%

POST Input

Vector

Erroneous 500 Responses 19 19 100%

Erroneous 200 Responses 19 19 100%

200 Responses With

Differentiation 19 19 100%

Identical 200 Responses 8 8 100%

GET Input Vector

– Experimental Insert / Delete / Other 1 1 100%

POST Input

Vector -

Experimental

Insert / Delete / Other 1 1 100%

1.2. XSS Test Report

Input Vector Test Cases Cases Count Report Pass Rate

GET Input Vector ReflectedXSS 32 32 100%

POST Input

Vector ReflectedXSS 32 32 100%

Cookie Input

Vector -

Experimental

ReflectedXSS 1 1 100%

GET Input Vector

- Experimental ReflectedXSS 11 11 100%

POST Input

Vector -

Experimental

ReflectedXSS 11 11 100%

GET Input Vector

- Experimental DomXSS 4 4 100%

http://www.janusec.com/
Page 2: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

1.3. LFI Test Report

Input Vector Test Cases Cases Count Report Pass Rate

Get Input Vector

Erroneous HTTP 500

Responses 68 68 100%

Erroneous HTTP 404

Responses 68 68 100%

Erroneous HTTP 200

Responses 68 68 100%

HTTP 302 Redirect

Responses 68 68 100%

HTTP 200 Responses With

Differentiation 68 68 100%

HTTP 200 Responses with

Default File on Error 68 68 100%

POST Input

Vector

Erroneous HTTP 500

Responses 68 68 100%

Erroneous HTTP 404

Responses 68 68 100%

Erroneous HTTP 200

Responses 68 68 100%

HTTP 302 Redirect

Responses 68 68 100%

HTTP 200 Responses With

Differentiation 68 68 100%

HTTP 200 Responses with

Default File on Error 68 68 100%

1.4. RFI Test Report

Input Vector Test Cases Cases Count Report Pass Rate

Get Input Vector

Erroneous HTTP 500

Responses 9 9 100%

Erroneous HTTP 404

Responses 9 9 100%

Erroneous HTTP 200

Responses 9 9 100%

HTTP 302 Redirect

Responses 9 9 100%

HTTP 200 Responses With

Differentiation 9 9 100%

HTTP 200 Responses with 9 9 100%

Page 3: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

Default File on Error

POST Input

Vector

Erroneous HTTP 500

Responses 9 9 100%

Erroneous HTTP 404

Responses 9 9 100%

Erroneous HTTP 200

Responses 9 9 100%

HTTP 302 Redirect

Responses 9 9 100%

HTTP 200 Responses With

Differentiation 9 9 100%

HTTP 200 Responses with

Default File on Error 9 9 100%

1.5. Redirect Test Report

Input Vector Test Cases Cases Count Report Pass Rate

Get Input Vector

HTTP 302 Redirect

Responses 15 15 100%

HTTP 200 Responses With

Javascript Redirect 15 15 100%

POST Input

Vector

HTTP 302 Redirect

Responses 15 15 100%

HTTP 200 Responses With

Javascript Redirect 15 15 100%

1.6. False Positive Test Report

False Vuln Test Cases Cases Count Report Pass Rate

SQL Injection False Positive 10 0 100%

XSS False Positive 7 0 100%

2. Test Environment

2.1. Product and Test Cases

WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

WAVSEP Environment: Windows8.1 + XAMPP (Tomcat + MySQL)

WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0

Page 4: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

2.2. Test Scope

This test report includes the following vulnerabilities:

SQL Injection

Cross-site Scripting(XSS)

LFI(Local File Inclusion)

RFI(Remote File Inclusion)

Redirect

Other test cases are not included.

2.3. Test Method

In order to get the test results quickly, we use a new feature of WebCruiser Web

Vulnerability Scanner, which is “Scan Page”, which means it will scan all links in a page

once a time. This function requires that the links locate under the same or sub directory,

links under other directories will be skipped.

When start a new page scan, click “Reset Scanner” to clear previous result, and navigate

to new page, and then click “ScanPage”

Page 5: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

2.4. SQL Injection Test Details

2.4.1. Get Input Vector

Erroneous 500 Responses (19 cases)

Erroneous 200 Responses (19 cases)

Page 6: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

200 Responses With Differentiation (19 cases)

Page 7: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

Identical 200 Responses (8 cases)

2.4.2. Post Input Vector

Erroneous 500 Responses (19 cases)

Page 8: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

Erroneous 200 Responses (19 cases)

Page 9: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

200 Responses With Differentiation (19 cases)

Page 10: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

Identical 200 Responses (xx cases)

2.4.3. GET Input Vector – Experimental

Experimental 1 case

2.4.4. POST Input Vector – Experimental

Experimental 1 case

Page 11: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

2.5. XSS Test Details

2.5.1. Get Input Vector

Page 12: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

2.5.2. POST Input Vector

2.5.3. Cookie Input Vector – Experimental

2.5.4. GET Input Vector – Experimental

Page 13: WebCruiser Web Vulnerability Scanner Test Report with WAVSEP

2.5.5. POST Input Vector – Experimental

2.5.6. DomXSS GET Input Vector – Experimental

2.6. Other Test Details

Test details not list here, test report please refer to the chapter 1: test report.

http://www.janusec.com

Jan 25, 2015

http://www.janusec.com/

Passive Vulnerability Scanning Overview - Tenable® · Passive Vulnerability Scanner (U.S. patent 7,761,918 B2) from Tenable is a network discovery and vulnerability analysis software

Passive Vulnerability Scanning Overview - Tenable® · Passive Vulnerability Scanner (U.S. patent 7,761,918 B2) from Tenable is a network discovery and vulnerability analysis software

Documents
Vulnerability Scanner Tools - bfiia.org

Vulnerability Scanner Tools - bfiia.org

Documents
Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner. Acunetix Web Vulnerability Scanner

Is Your Website Hackable? Check with Acunetix Web Vulnerability Scanner. Acunetix Web Vulnerability Scanner

Documents
WebCruiser Web Vulnerability Scanner Test Report

WebCruiser Web Vulnerability Scanner Test Report

Documents
VULNERABILITY MANAGEMENT€¦ · Vulnerability management is more than just running a vulnerability scanner and adjusting the resulting vulnerabilities on an annual basis. A vulnerability

VULNERABILITY MANAGEMENT€¦ · Vulnerability management is more than just running a vulnerability scanner and adjusting the resulting vulnerabilities on an annual basis. A vulnerability

Documents
PC Pro Business Reviews Acunetix Web Vulnerability Scanner · PC Pro Business Reviews Acunetix Web Vulnerability Scanner A comprehensive set of security tools in one package, with

PC Pro Business Reviews Acunetix Web Vulnerability Scanner · PC Pro Business Reviews Acunetix Web Vulnerability Scanner A comprehensive set of security tools in one package, with

Documents
WebCruiser Web Vulnerability Scanner User Guide

WebCruiser Web Vulnerability Scanner User Guide

Documents
KEAMANAN JARINGAN KOMPUTER Scanner Web Vulnerabilityedocs.ilkom.unsri.ac.id/3474/1/Syukran Rizki... · 2019. 2. 18. · KEAMANAN JARINGAN KOMPUTER Scanner Web Vulnerability Oleh :

KEAMANAN JARINGAN KOMPUTER Scanner Web Vulnerabilityedocs.ilkom.unsri.ac.id/3474/1/Syukran Rizki... · 2019. 2. 18. · KEAMANAN JARINGAN KOMPUTER Scanner Web Vulnerability Oleh :

Documents
”The world's most advanced Open Source vulnerability scanner”

”The world's most advanced Open Source vulnerability scanner”

Documents
Operating Systems and Program (in)security · 2019-12-03 · NMAP Mapping and Fingerprinting Vulnerability Assessment OpenVAS Vulnerability Scanner Penetration Testing Metasploit

Operating Systems and Program (in)security · 2019-12-03 · NMAP Mapping and Fingerprinting Vulnerability Assessment OpenVAS Vulnerability Scanner Penetration Testing Metasploit

Documents
A First Look at the Usability of OpenVAS Vulnerability Scanner · 2019-02-22 · A First Look at the Usability of OpenVAS Vulnerability Scanner M. Ugur Aksu, Enes Altuncu, Kemal Bicakci

A First Look at the Usability of OpenVAS Vulnerability Scanner · 2019-02-22 · A First Look at the Usability of OpenVAS Vulnerability Scanner M. Ugur Aksu, Enes Altuncu, Kemal Bicakci

Documents
Integrate Nessus Vulnerability Scanner/SecurityCenter ...Nessus Vulnerability Scanner/SecurityCenter version Nessus 6.X series (Nessus 6.0 – Nessus 6.9.3) or Nessus Professional

Integrate Nessus Vulnerability Scanner/SecurityCenter ...Nessus Vulnerability Scanner/SecurityCenter version Nessus 6.X series (Nessus 6.0 – Nessus 6.9.3) or Nessus Professional

Documents
Enterprise Vulnerability Managementopennet.client02.prostoy.ru/wp-content/uploads/2017/02/... · 2017-02-04 · Vulnerability Scanner is a necessity Don't depend too much on them

Enterprise Vulnerability Managementopennet.client02.prostoy.ru/wp-content/uploads/2017/02/... · 2017-02-04 · Vulnerability Scanner is a necessity Don't depend too much on them

Documents
index-of.esindex-of.es/Attacks/FTP Bounce Attack/Vulnerabilities.pdf · CyberCop Scanner Vulnerability Guide 3 CYBERCOP SCANNER VULNERABILITY GUIDE 1: INFORMATION GATHERING AND RECON

index-of.esindex-of.es/Attacks/FTP Bounce Attack/Vulnerabilities.pdf · CyberCop Scanner Vulnerability Guide 3 CYBERCOP SCANNER VULNERABILITY GUIDE 1: INFORMATION GATHERING AND RECON

Documents
Passive Vulnerability Scanning Overview...Passive Vulnerability Scanner (U.S. patent 7,761,918 B2) from Tenable is a network discovery and vulnerability analysis software solution

Passive Vulnerability Scanning Overview...Passive Vulnerability Scanner (U.S. patent 7,761,918 B2) from Tenable is a network discovery and vulnerability analysis software solution

Documents
Tenable Network Security, Inc. Tenable Security Center 3.2 ... · Correlation Engine 2.0.2 (LCE); Passive Vulnerability Scanner 3.0 (PVS); and, Nessus Scanner 3.0.4 (Nessus). The

Tenable Network Security, Inc. Tenable Security Center 3.2 ... · Correlation Engine 2.0.2 (LCE); Passive Vulnerability Scanner 3.0 (PVS); and, Nessus Scanner 3.0.4 (Nessus). The

Documents
Your Scanner Sucks Vulnerability Management That …...© 2013 GuidePoint Security CONFIDENTIAL AND PROPRIETARY CSIRT vs Vulnerability Mgmt • Not mutually exclusive • Consider

Your Scanner Sucks Vulnerability Management That …...© 2013 GuidePoint Security CONFIDENTIAL AND PROPRIETARY CSIRT vs Vulnerability Mgmt • Not mutually exclusive • Consider

Documents
Vulnerability Management in Software: Before Patch … management is integral to computer security and network security. Vulnerabilities can be discovered with a vulnerability scanner,

Vulnerability Management in Software: Before Patch … management is integral to computer security and network security. Vulnerabilities can be discovered with a vulnerability scanner,

Documents
Web vulnerability scanner getting start

Web vulnerability scanner getting start

Software
Web Vulnerability Scanner v10 Product Manual...Introduction to Acunetix Web Vulnerability Scanner Why You Need To Secure Your Web Applications Website security is today's most overlooked

Web Vulnerability Scanner v10 Product Manual...Introduction to Acunetix Web Vulnerability Scanner Why You Need To Secure Your Web Applications Website security is today's most overlooked

Documents
[ITAS.VN]Black-Box Automated Web Vulnerability Scanner Limitations

[ITAS.VN]Black-Box Automated Web Vulnerability Scanner Limitations

Technology
Subgraph vega web vulnerability scanner

Subgraph vega web vulnerability scanner

Career
Acunetix - Web Vulnerability Scanner

Acunetix - Web Vulnerability Scanner

Software
AISECjp SAIVS(Spider Artificial Intelligence Vulnerability Scanner)

AISECjp SAIVS(Spider Artificial Intelligence Vulnerability Scanner)

Software
Integration Guide for Nessus Vulnerability Scanner · Integration Guide for Nessus Vulnerability Scanner 1. Overview Nessus/Tenable Vulnerability scanner is a tool that identifies

Integration Guide for Nessus Vulnerability Scanner · Integration Guide for Nessus Vulnerability Scanner 1. Overview Nessus/Tenable Vulnerability scanner is a tool that identifies

Documents
Network Security Scanner Network vulnerability scanning, patch management and auditing

Network Security Scanner Network vulnerability scanning, patch management and auditing

Documents
OpenVAS: Vulnerability Assessment Scanner

OpenVAS: Vulnerability Assessment Scanner

Technology
Vulnerability Scanning & Management...scanner [3]. Vulnerability Scanning This paper presents a typical vulnerability scanning process conducted on a target using Nessus Vulnerability

Vulnerability Scanning & Management...scanner [3]. Vulnerability Scanning This paper presents a typical vulnerability scanning process conducted on a target using Nessus Vulnerability

Documents
Seculabs eBook - Uniscan - Vulnerability Scanner and Web Crawler

Seculabs eBook - Uniscan - Vulnerability Scanner and Web Crawler

Documents
Nessus Professional Vulnerability Scanner - E-SPIN Group · Nessus Professional Vulnerability Scanner ... con˛gu ration, system hardening, malware detection, web application scanning

Nessus Professional Vulnerability Scanner - E-SPIN Group · Nessus Professional Vulnerability Scanner ... con˛gu ration, system hardening, malware detection, web application scanning

Documents