Frequent Technical Questions

Do you scan for Cross-site scripting and SQL injection ?

Yes, our technology allows for OWASP Top10 recommendations and much more. You will find the complete number of security checks here.

What about the N-Stealth attack signatures database ?

“N-Stealth Web Attack Database” is the largest database of security checks available in the market. We search for vulnerabilities in 3rd-party packages such as WordPress, Joomla and Drupal.  Besides that, we maintain a database of 39,000 well-known signatures for web server that can be used to search for common vulnerabilities and server misconfiguration.

Do you support all features available in the HTTP protocol ? And what about authentication?

Yes, N-Stalker supports HTTP version 1.1 and enhances your scanning experience using persistent connections (including SSL). N-Stalker also supports multiple HTTP authentication method such as:

  • HTTP Basic and digest authentication;
  • Microsoft’s NTLM mechanism;
  • Client-side digital certificate (x.509);
  • Web Form authentication (custom login pages).

I am absolutely a begginner on Web Application Security. Is it the right tool ?

Yes, absolutely. N-Stalker provides high level wizards to allow you for a better experience, even if you are not a “security gury”.

Do you support J2EE, Microsoft.NET(R), Microsoft(R) ASP, ColdFusion or PHP platforms ?

Yes. Every known Web development platform is supported as long as it provides interaction through the HTTP protocol.

What kind of security checks are you able to do ?

Check here for the entire list. Security checks are split into different editions so you may have an idea of the best tool for your task.

My application requires a custom navigation. Are you capable of spidering through it ?

N-Stalker can record a web session direct from your web browser, replaying it against your Web Application, even custom interactions such as web form login. There is also an inline proxy that provides a “drive-thru” experience (navigate throughout your application for custom interaction or a more restricted scope).

My application is very complex. I have several reverse proxy Web Servers in the same context but running under different platforms. How do you handle that ?

Our exclusive Component-oriented Web Application Security Assessment technology allows N-Stalker to identify every distinct component within your Web Application, even reverse proxies that distributes different platforms in the same application URL. N-Stalker will treat every component differently, searching for common vulnerabilities for each particular platform.

Can we try it ?

Sure you can! Please, try our free version to get to know more about our scanning methods, however, you will not be able to run custom Web Applications checks such as SQL injections. If you want to try the whole package, contact us for an evaluation version.