1 / 9

Web App Scanners | Scanning Tools

Scantrics helps protect websites and web applications from malicious attacks. Website Scanner Online will show you exactly what is vulnerable about your website so that you can fix it before hackers exploit it. For more information, visit: https://scantrics.io

Scantrics
Télécharger la présentation

Web App Scanners | Scanning Tools

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Scantrics Tools Scantrics offer 11 security testing tools that scans and identifies vulnerabilities in websitesand web applications. This Photo by Unknown Author is licensed under CC BY-SA-NC

  2. How it works? A target URL is the parameter to be scanned by the Website Vulnerability Scanner. The tool needs the full URL of the target that includes http:// or https:// as the protocol. Since the tool does not follow any redirects, the exact URL will be scanned. The Website Vulnerability Scanner scans a web application by sending multiple HTTP requests to the particular web application. Quick Scan generates up to 20 HTTP requests to the server, while Full Scan can generate more than 10,000 HTTP requests to the server. As Full Scan does a more comprehensive website assessment than Quick Scan, several hours are needed to complete the task. During this period, the tool crawls the entire web application, performs multiple security tests, analyses the responses from the web application, finds the security vulnerabilities, and gathers all results in the report. In order to run the Full Scan, the Website Vulnerability Scanner has lots of plugins with a specific capability. For example, the SQL Injection plugin is built purposely to run SQL Injection query and to find if such vulnerability exists within the web application. Depending on the complexity of the web application itself, each plugin may generate a lot of requests and take time to complete the Full Scan. Website Scanner

  3. TCP Port Scanner is based on the most powerful port scanner, Nmap. Nmap is known as the de-facto tool for finding open ports and services, allowing users to run a set of scans against the target host. As such, TCP Port scanner functions the same way as Nmap does. Users only need to define the target IP/Hostname and the tool will do DNS resolution before sending the request to the target. Firstly, it will perform host discovery in order to check if the host is live before probing the ports on the target. Then, the tool will run open port detection script in order to detect the listening port on the target and it will also perform service detection for the particular port. For example, when TCP Port Scanner finds there is port 80/443 open on the target, it will check what services are running, such as Apache, Nginx along with other versions. How it works? TCP Port Scanner

  4. Subdomain Scanner How it works? A target domain name is the parameter to be scanned by the Subdomain Scanner. The tool uses multiple techniques to discover subdomains such as: Gathering the DNS Records (NS, MX, TXT, AXFR) DNS Records consist of the IP address associated to each subdomain. Therefore, this tool will try to request DNS Zone Transfer of the target to gather all the records from the DNS server. Performing DNS enumeration based on a specially chosen wordlist The wordlist contains all the common name of subdomains that is usually used. The tool will brute-force the subdomain by trying each name listed on the wordlist one by one to see if any of the list returns a response when requested. Querying on public search engines The Subdomain Scanner will run queries on public search engines, such as Google or Bing, and gain the subdomains based on the results. For instance, if we type “site:example.com” on Google Search, we may find any associated subdomains in the search results. Applying word mutation techniques The tool will mutate the common name of subdomain by changing some of the letters within the wording or by changing the order of the subdomain name. Searching in SSL certificates Websites that use wildcard SSL certificates allow this tool to find the associated subdomain. By scanning the SSL certificate, the tool will be able to gather the subdomains that use the same wildcard SSL certificate. Parsing HTML links This tool performs website crawling on the target domain to find if any HTML links (href) are pointing to another hostname instead of the same hostname. For example, www.example.com might have an HTML link to admin.example.com. However, this technique will only find the subdomain if it is inside the HTML href attribute. Reverse DNS lookup on target IP ranges The Subdomain Scanner will perform reverse DNS lookup on the target IP ranges to find the subdomains that might be residing on the target IP range and get the subdomains through the PTR record in the DNS.

  5. XSS Scanner How it works? A target URL is the parameter to be scanned by the XSS Vulnerability Scanner. The tool needs the full URL of the target that includes http:// or https:// as the protocol. Since the tool does not follow any redirects, the exact URL will be scanned. This tool runs a security check by replacing the original parameters of a test step with harmless strings, which resemble the malicious strings that are used in real attacks. It injects these strings to both XML elements and JSON fields. The XSS scanner then uses assertions to validate requests and responses and check if they include any information about potential web application vulnerabilities. ‘PASS’ will be logged for all assertions that pass successfully. ‘FAIL’ will be logged for any assertion that fails.

  6. Virtual Host Scanner How it works? Users of Virtual Host Scanner only need to insert either the IP address or Hostname as the target parameter. This tool should find the virtual host if it resides on the same IP address as the apex/root domain. The tool will then perform the scan by using multiple discovery techniques such as: Querying on public search engines The query itself is usually a Google Dork query, such as “site:example.com” that will return a list of subdomains indexed on Google Search Engine. DNS resolutions By translating the IP address into the hostname. This task usually will need to contact the DNS server and request the PTR record of a specific IP that can give responses in hostname form as responses. Analysing web redirects Some of websites might have a link that will redirect the user to another subdomain when clicked by the user. Hence, the Virtual Host Scanner also crawls websites and check for any web redirects contained in the HTML page through certain HTML tags, such as href. Searching in SSL certificates By finding the subdomains associated with the SSL certificate. Any subdomain that uses the same SSL certificate (wildcard) can be found by scanning through the information in the SSL certificate. Most of the time, the web developer/network administrator will apply the same SSL certificate for the domain and subdomains associated for the purpose of manageability.

  7. How it works? It’s important to secure your web applications from SQL injection attacks by implementing proper security mechanisms, such as query sanitization before hackers find out. Our SQL injection scanner is based on the OWASP ZAP engine. OWASP ZAP is currently one of the most popular open-source vulnerability assessment tools that is supported by hundreds of developers and other community members. This tool conducts SQL injection testing by inserting special characters in all form fields of the target web application and affects the webpage behaviour to be observed. In most cases, database errors showing in the webpage indicates that the web application might be vulnerable to SQL injection attacks. SQL Injection Scanner

  8. Reach Us • Contact Us • We are here to help. • Get in touch to learn more about how we can help you. • Whether you have a question about our products, services, pricing, need a consultation session, or anything else, our team is ready to answer all your questions. • We want to ensure that we are reachable to you whenever you need help. Reach us from any channel below at your convenience. Our Offices CYBERJAYA, MALAYSIA (Headquarter) Blok 4805-02-08, Jalan Flora CBD Perdana 2,​ Cyber 12, Cyberjaya, Selangor 63000, Malaysia Tel: +603 8601 0561 • Sales Inquiries • sales@primaryguard.com • Partnerships • corporatePR@primaryguard.com • Technical Support • techdev@primaryguard.com

  9. Thank you

More Related