N-Stalker - The Web Security Specialists

N-Stalker Web Security Scanner 2006
Enterprise Edition
QA Edition
Infrastructure Edition
Free Edition

Security Checks


N-Stalker Security Checks	Enterprise	QA	Infra	Free
(1) - Partial (up to 100 URLs)
Web Engine
N-Stalker Web Spider Module	X	X	X	(1)
Custom Design Errors
Cross-site Script Injection Module	X	X
Database Tampering - SQL Injection Module, including:	X	X
• Direct mode	X	X
• Blind mode	X	X
Buffer & Integer Overflow attack Module	X	X
Format String attack Module	X	X
File & Directories Tampering Module, including:	X	X
• Backup Files Discovery	X	X
• Configuration Files Discovery	X	X
• Password Files Discovery	X	X
• Information Leakage Discovery	X	X
Parameter Tampering Module, including:	X	X
• Special Parameter Addition attacks	X	X
• Boolean Parameter Tampering attacks	X	X
• Hidden Parameter Discovery	X	X
• Parameter Deletion attacks	X	X
• Remote Execution attacks	X	X
• File & Directory traversal attacks	X	X
• Header Splitting & CRLF Injection attacks	X	X
• Remote File Include PHP-based attacks	X	X
Check for Suspicious Values in Web Form Hidden Fields	X	X
Custom Signature Check (via Signature Editor)	X	X	X	Partial
Web Server Exposure
Web Server Infrastructure Analysis Module, including:	X	Partial	X	Partial
• Web Server & Platform version vulnerabilities	X		X	X
• SSL encryption and x.509 certificate vulnerabilities	X		X	X
• HTTP Method Discovery Module	X		X	X
• HTTP Fingerprint Module, including:	X	X	X	X
• Web Server Fingerprint Module	X	X	X	X
• Web Server technology Discovery Module	X	X	X	X
• Directory Brute-Force	X		X	X
• HTTP Protocol vulnerabilities	X		X
Web Signature Attacks
Web Attack Signatures Module, including:	X		X	Partial
• IIS CGI Decode Test	X		X	Partial
• IIS Extended Unicode Test	X		X	Partial
• IIS File Parsing Test	X		X	Partial
• FrontPage Security Test	X		X	Partial
• Lotus Domino Security Test	X		X	Partial
• General CGI Security Test	X		X	Partial
• HTTP Devices Security Test (routers, switches)	X		X	Partial
• Windows-based CGI Security Test	X		X	Partial
• PHP Web Application Security Test	X		X	Partial
• ASP Web Application Security Test	X		X	Partial
• J2EE Web Application Security Test	X		X	Partial
• Coldfusion Web Application Security Test	X		X	Partial
Attack templates such as:	X		X	X
• Complete, SANS/FBI Top10, Top20	X		X	X
Confidentiality Exposure Checks
Look for Web forms vulnerabilities, including:	X	X
• Password cache feature	X	X
• Insecure method for sending data	X	X
• Lack of Encryption for sensitive data	X	X
• Insecure location to send data (leakage)	X	X
Information Leakage module, including:	X	X
• Find directory listing	X	X
• Find available objects to download	X	X
• Find meta-tag leakage	X	X
• Find sensitive keywords in comments and scripts	X	X
Compliance analysis, including:	X	X
• Find Copyright statements	X	X
• Find content rating statements	X	X
• Find custom content on web pages and forms	X	X
Cookie Exposure Checks
Cookie Security Analysis Module, including:	X	X
• Find weakness in cookie information	X	X
• Find cookies sent without encryption	X	X
• Find information leakage in cookie information	X	X
• Find cookies vulnerable to malicious client-side script	X	X
File & Directory Exposure Checks
Search for backup files	X	X	X	X
Search for information leakage files	X		X
Search for configuration files	X		X
Search for password files	X		X

© Copyright 2000-2008 N-Stalker | All rights reserved Legal Notice | Terms of Use