N-Stalker Security Checks

ENTERPRISE
INFRA
FREE
»Web Engine N-Stalker
Web Spider Module
(1)
ENTERPRISE
INFRA
FREE
»Custom Design Errors
Cross-site Script Injection Module
Database Tampering – SQL Injection Module, including:
- Direct mode
- Blind mode
Buffer & Integer Overflow attack Module
Format String attack Module
File & Directories Tampering Module, including:
- Backup Files Discovery
- Configuration Files Discovery
- Password Files Discovery
- Information Leakage Discovery
Parameter Tampering Module, including:
- Special Parameter Addition attacks
- Boolean Parameter Tampering attacks
- Hidden Parameter Discovery
- Parameter Deletion attacks
- Remote Execution attacks
- File & Directory traversal attacks
- Header Splitting & CRLF Injection attacks
- Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)
ENTERPRISE
INFRA
FREE
»Web Server Exposure
Web Server Infrastructure Analysis Module, including:
- Web Server & Platform version vulnerabilities
- SSL encryption and X.509 certificate vulnerabilities
- HTTP Method Discovery Module
- HTTP Fingerprint Module, including:
  - Web Server Fingerprint Module
  - Web Server technology Discovery Module
- Directory Brute-Force
- HTTP Protocol vulnerabilities
ENTERPRISE
INFRA
FREE
»Web Signature Attacks
Web Attack Signatures Module, including:
partial
- IIS CGI Decode Test
partial
- IIS Extended Unicode Test
partial
- IIS File Parsing Test
partial
- FrontPage Security Test
partial
- Lotus Domino Security Test
partial
- General CGI Security Test
partial
- HTTP Devices Security Test (routers, switches)
partial
- Windows-based CGI Security Test
partial
- Windows-based CGI Security Test
partial
- PHP Web Application Security Test
partial
- ASP Web Application Security Test
partial
- J2EE Web Application Security Test
partial
- ColdFusion Web Application Security Test
partial
Attack templates such as:
- Complete, SANS/FBI Top10, Top20
ENTERPRISE
INFRA
FREE
»Confidentiality Exposure Checks
Look for Web form vulnerabilities, including:
- Password cache feature
- Insecure method for sending data
- Lack of Encryption for sensitive data
- Insecure location to send data (leakage)
- Find directory listing
- Find available objects to download
- Find meta-tag leakage
- Find sensitive keywords in comments and scripts
Compliance analysis, including:
- Find Copyright statements
- Find content rating statements
- Find custom content on web pages and forms
ENTERPRISE
INFRA
FREE
»Cookie Exposure Checks
Cookie Security Analysis Module, including:
- Find weakness in cookie information
- Find cookies sent without encryption
- Find information leakage in cookie information
- Find cookies vulnerable to malicious client-side script
ENTERPRISE
INFRA
FREE
»File & Directory Exposure Checks
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files