|
The release of N-Stalker Web Application Security Scanner X is an important step towards the next generation Web Application Security Assessment software, providing not only a tool to scan web resources, but a solution that will follow your web application development's life-cycle.
| • | Component-oriented Web Application Security Analysis |
The patent-pending technology of Component-oriented Web Application Security Analysis will provide the most effective approach to your custom application, enabling a Service-oriented Architecture (SOA) analysis with a security perspective.
N-Stalker Web Application Security Scanner will not only crawl resources as a browser would do it – it will also create a class of objects being used by your custom application to allow for a more effective assessment.
The concept of Development and QA, Infrastructure and Deploy and Penetration test analysis will give customers the ability to verify relevant security issues based in their web application life-cycle, from OWASP Top10 security recommendations to Bugtraq 0-day vulnerabilities being exploited by malicious users in the wild.
| • | Web Application Secure Development Life-cycle |
N-Stalker Web Application Security Suite is built to provide complete control over your Web Application Development Life-cycle. With a range of different security checks, customers will be able to create specific security scan policies to cover:
| • | Development & QA Profile: a deep approach in the Web Application structure and output code (HTML), enabling N-Stalker to sweep out transaction brokers and common application areas to identify development security flaws. A QA approach can be used to certify internal or third-party development code and give the level of trust needed to promote web applications to production level. |
| • | Infrastructure & Deploy Profile: According to recent studies (Gartner Group), most of the vulnerabilities are introduced in the web application deployment phase, when even previously certified applications can become vulnerable due to third-parties vulnerable softwares. N-Stalker is the only vendor to provide more than 35,000 attack signatures to assess your Web server infrastructure and guarantee a safe hosting environment. |
| • | Pen-test and Security Audit Profile: A complete analysis of your web application, including development, infrastructure and production aspects that can be used to assess the current level of security of Web Applications currently in use. |
These are the special features that make N-Stalker Web Application Security Scanner the most complete solution to assess Web Applications:
| • | Server-side technology discoverer |
| • | Automatic False Positive Prevention Engine |
| • | Component-oriented Web Crawler |
| • | Component-oriented Scanning Engine |
| • | IDS Evasion Fuzzing Tests |
| • | Custom Web Navigation Macro Recorder |
| • | Web form autocomplete mechanism |
| • | Special Attack console to explore vulnerabilities |
| • | Effective Multithreading Scan for best performance |
| • | Compliance-oriented security analysis |
| • | Support to most common Web Assessment Standards such as OWASP Top10, PCI, SANS/FBI Top10/20 |
| • | Support to Multiple authentication schemes, including Web Form, HTTP and x.509 authentication. |
| • | Most complete 39,000 Web Attack Signatures Database |
| • | Independent solution, no need for 3rd party database or software |
| • | Enhanced Report Generation for scanning comparison |
| • | Final Report supporting multiple formats (RTF,PDF) |
| • | Command-line scanner to automate your scanning experience |
| • | Integrated Google Hacking Database Search Tool |
| • | HTTP Web Authentication Brute Force |
| • | HTTP Performance Load Tester |
| • | HTTP Web Proxy with special interception interface |
|
