N-Stalker Security Checks
ENTERPRISE
INFRA
FREE
Web Spider Module [FREE: (1)]

ENTERPRISE
INFRA
FREE
Cross-site Script Injection Module
Database Tampering – SQL Injection Module, including:
– Direct mode
– Blind mode
Buffer & Integer Overflow attack Module
Format String attack Module
File & Directories Tampering Module, including:
– Backup Files Discovery
– Configuration Files Discovery
– Password Files Discovery
– Information Leakage Discovery
Parameter Tampering Module, including:
– Special Parameter Addition attacks
– Boolean Parameter Tampering attacks
– Hidden Parameter Discovery
– Parameter Deletion attacks
– Remote Execution attacks
– File & Directory traversal attacks
– Header Splitting & CRLF Injection attacks
– Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)

ENTERPRISE
INFRA
FREE
Web Server Infrastructure Analysis Module, including:
– Web Server & Platform version vulnerabilities
– SSL encryption and X.509 certificate vulnerabilities
– HTTP Method Discovery Module
– HTTP Fingerprint Module, including:
– Web Server Fingerprint Module
– Web Server technology Discovery Module
– Directory Brute-Force
– HTTP Protocol vulnerabilities

ENTERPRISE
INFRA
FREE
Web Attack Signatures Module [FREE: partial], including:
– IIS CGI Decode Test [FREE: partial]
– IIS Extended Unicode Test [FREE: partial]
– IIS File Parsing Test [FREE: partial]
– FrontPage Security Test [FREE: partial]
– Lotus Domino Security Test [FREE: partial]
– General CGI Security Test [FREE: partial]
– HTTP Devices Security Test (routers, switches) [FREE: partial]
– Windows-based CGI Security Test [FREE: partial]
– Windows-based CGI Security Test [FREE: partial]
– PHP Web Application Security Test [FREE: partial]
– ASP Web Application Security Test [FREE: partial]
– J2EE Web Application Security Test [FREE: partial]
– ColdFusion Web Application Security Test [FREE: partial]
Attack templates such as:
– Complete, SANS/FBI Top10, Top20

ENTERPRISE
INFRA
FREE
Look for Web form vulnerabilities, including:
– Password cache feature
– Insecure method for sending data
– Lack of Encryption for sensitive data
– Insecure location to send data (leakage)
– Find directory listing
– Find available objects to download
– Find meta-tag leakage
– Find sensitive keywords in comments and scripts
Compliance analysis, including:
– Find Copyright statements
– Find content rating statements
– Find custom content on web pages and forms

ENTERPRISE
INFRA
FREE
Cookie Security Analysis Module, including:
– Find weakness in cookie information
– Find cookies sent without encryption
– Find information leakage in cookie information
– Find cookies vulnerable to malicious client-side script

ENTERPRISE
INFRA
FREE
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files