List of Security Checks

List of Security Checks

Top Previous Next

These are the security checks currently available in N-Stalker X version.

•	Custom Design Errors

•	Cross-site Script Injection Module

•	Database Tampering - SQL Injection Module, including:

o	Direct mode

o	Blind mode

•	Buffer & Integer Overflow attack Module

•	Format String attack Module

•	File & Directories Tampering Module

•	Parameter Tampering Module, including:

•	Special Parameter Addition attacks

•	LDAP, XPath, XQuery injections

•	Boolean Parameter Tampering attacks

•	Hidden Parameter Discovery

•	Parameter Deletion attacks

•	Remote Execution attacks

•	File & Directory traversal attacks

•	Header Splitting & CRLF Injection attacks

•	Remote File Include PHP-based attacks

•	Web Server Exposure

•	Web Server Infrastructure Analysis Module, including:

o	Web Server version vulnerabilities

•	SSL encryption and x.509 certificate vulnerabilities

•	HTTP Method Discovery Module

•	HTTP Fingerprint Module, including:

o	Web Server Fingerprint Module

o	Web Server technology Discovery Module

•	Directory Brute-Force

•	HTTP Protocol vulnerabilities

•	Web Signature Attacks (40,000 attack database)

•	Web Attack Signatures Module, including:

o	IIS CGI Decode Test

o	IIS Extended Unicode Test

o	IIS File Parsing Test

o	FrontPage Security Test

o	Lotus Domino Security Test

o	General CGI Security Test

o	HTTP Devices Security Test (routers, switches)

o	Windows-based CGI Security Test

o	PHP Web Application Security Test

o	ASP Web Application Security Test

o	J2EE Web Application Security Test

o	Coldfusion Web Application Security Test

•	Attack templates such as:

o	Complete, SANS/FBI Top10, Top20

•	Confidentiality Exposure Checks

•	Look for Web forms vulnerabilities, including:

o	Password cache feature

o	Insecure method for sending data

o	Lack of Encryption for sensitive data

o	Insecure location to send data (leakage)

•	Information Leakage module, including:

o	Find directory listing

o	Find available objects to download

o	Find meta-tag leakage

o	Find sensitive keywords in comments and scripts

•	Compliance analysis, including:

o	Find Copyright statements

o	Find content rating statements

o	Find custom content on web pages and forms

•	Cookie Exposure Checks

•	Cookie Security Analysis Module, including:

o	Find weakness in cookie information

o	Find cookies sent without encryption

o	Find information leakage in cookie information

o	Find cookies vulnerable to malicious client-side script

•	File & Directory Exposure Checks

•	Search for backup files

•	Search for information leakage files

•	Search for configuration files

•	Search for password files