These are the special features that make N-Stalker Web Application Security Scanner the most complete solution to assess Web Applications:
Relying solely on banner strings is not a reliable way to identify web servers and server-side technologies. N-Stalker implemented its own HTTP fingerprinting technology to discover the web server platform and create effective security checks.
The number of configuration differences among Web Server platforms makes it difficult to assess Web Applications without being susceptible to false positives. N-Stalker addresses the issue from a different perspective: it creates its own false-positive filter rules automatically, without manual intervention. Using its own web page hashing system, even dynamically generated pages can be inspected for automatic rule generation.
Web Applications are becoming more complex every day. Reverse proxies can obscure multiple platforms and technologies behind one simple URL. N-Stalker Scanner will crawl through your Web Application using a component-oriented perspective. For every available component found, N-Stalker explores its relationship within the application and uses it to create custom and more effective security checks.
Most of the legal regulations in force in different countries require Web Applications to take particular actions to be compliant. N-Stalker provides a policy configuration interface to configure a wide variety of security checks, including information leakage and event-driven information analysis (e.g., presence of copyright notes, content rating, privacy policy reference on web form pages).
N-Stalker Web Application Security Scanner works by applying scanning policies to target Web Applications. Creating your own Scan Policies allows for standardized scan results over a given time period and enables the use of compliant scanning methodologies such as OWASP Top 10, PCI Compliance, SOX, Privacy Policy Acts, etc.
The N-Stalker Scanner interface provides internal access to the Web Spidering Engine, giving you the ability to debug each request and even modify aspects of the request itself before it is sent to the Web Server. You may choose to watch the process as a slide show or in step-by-step mode, and even take a closer look at the crawling mechanism.
Forget about the lack of flexibility in Web Security Scanners. N-Stalker lets you create your own security checks, ranging from an easy-to-use interface to an easy script language (Zscript) that will enhance your experience and provide extended access to the HTTP protocol and N-Stalker Scanner’s Event Interface.
Do you have a complex web application requiring custom navigation steps for a better scanning experience? N-Stalker provides its own Web Browser interface that enables you to record custom Web navigation scripts such as logon and web form filling procedures. This is an important feature to customize N-Stalker Scanner for a more effective assessment.
N-Stalker Scanner is built on a multithreading engine which provides an enhanced scanning experience. By using its own technology that automatically chooses the best time to apply multithreaded scanning, security checks can be safely conducted faster than with the traditional methods currently used.
By inheriting the most complete attack signature database available in the market, “The N-Stealth Web Attack Database™”, N-Stalker will inspect your web server infrastructure against more than 35,000 signatures from different technologies, ranging from 3rd party software packages to well-known web server vendors.
No other Web Application Scanning tool is more portable and easy to implement than N-Stalker. There is no need for 3rd party software packages and databases; you just need to install the N-Stalker Web Application Security Scanner on your operating system and start your web scanning experience.
N-Stalker supports a wide variety of Web Authentication schemes, including Web Form requests, common HTTP protocol and X.509 digital certificate authentication.
Since 2001, N-Stalker Security Checks have been compatible with Mitre Organization’s CVE standard. Security vulnerabilities are displayed with CVE links that give customers external references to support evaluating the risk and mitigation procedures.
N-Stalker provides an HTTP encoder mechanism that will test your Intrusion Detection and Prevention systems for evasion vulnerabilities. This is also useful for stealth penetration tests.
When a vulnerability is found, N-Stalker provides access to a special Attack console, where you may inspect the raw request and response in different views, from raw text to a hexadecimal table. You may even replay the attack in real time and see the response for yourself.
N-Stalker provides an enhanced report creation engine, giving you the ability to create comparison and trend analysis reports of your Web Applications based on scan results generated over a given time period.
The newest scan report engine is capable of providing complete Scan Reports in three different formats: HTML, RTF and PDF. N-Stalker even provides an interface to configure and securely distribute your PDF reports, applying cryptography and access control features.