These are the special features that make N-Stalker Web Application Security Scanner the most complete solution to assess Web Applications:
- » HTTP Fingerprinting & Server-side technology discoverer
Relying solely on banner strings is not a trustworthy way to identify the web server and server-side technologies. N-Stalker has implemented its own HTTP fingerprinting technology to discover the web server platform and create effective security checks.
- » AJAX ready security scanning
N-Stalker relies upon well-known and mature open-source technology to process web scripts (JavaScript) and interact with AJAX-based applications. Unlike competitors, we do not perform "DOM reconstruction" but real-time DOM integration with our own JavaScript virtual machine.
- » Automatic False Positive Prevention Engine
The number of configuration differences among Web Server platforms creates a difficult environment in which to assess Web Applications without being susceptible to false positives. N-Stalker addresses the issue from a different perspective: it creates its own false-positive filter rules automatically, without manual intervention. Using a proprietary web page hashing system, even dynamically generated pages can be inspected for automatic rule generation.
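The page-hashing approach described above can be illustrated with a small scanner-side filter. The following is an added example written for this page, not N-Stalker's engine: it assumes the scanner first requests a few randomly named resources that cannot exist, normalises the "not found" bodies it receives by masking volatile content (timestamps, request ids, echoed paths, hex tokens), hashes the result, and later discards any "200 OK" response whose normalised form matches or closely resembles that learned baseline. All response bodies below are constructed sample data.

```python
"""Automatic false-positive filter based on normalised page hashing.

Illustrative example (not N-Stalker's code). A dynamic "not found" page
looks different on every request (timestamp, request id, echoed path,
anti-CSRF token), so a raw hash never matches twice. Masking that
volatile content first lets the scanner recognise the same page again.
"""
import hashlib
import re
from difflib import SequenceMatcher

# Content that changes between otherwise identical pages. Order matters:
# long hex tokens are masked before the plain-digit rule sees them.
VOLATILE_PATTERNS = [
    re.compile(r"[0-9a-f]{16,}", re.I),                        # session ids, trace ids
    re.compile(r"\d{4}-\d{2}-\d{2}[ T]\d{2}:\d{2}(:\d{2})?"),  # timestamps
    re.compile(r"\b\d+\b"),                                    # request ids, counters
    re.compile(r"/[\w./-]*"),                                  # the requested path echoed back
]


def normalize(body: str) -> str:
    """Reduce an HTML body to its stable visible text with volatile parts masked."""
    text = re.sub(r"<script.*?</script>", "", body, flags=re.S | re.I)
    text = re.sub(r"<[^>]+>", " ", text)  # drop markup (and hidden form tokens with it)
    for pattern in VOLATILE_PATTERNS:
        text = pattern.sub("#", text)
    return " ".join(text.lower().split())


def page_hash(body: str) -> str:
    """SHA-256 of the normalised body; equal for two instances of one dynamic page."""
    return hashlib.sha256(normalize(body).encode()).hexdigest()


class NotFoundFilter:
    """Learns what the target's 'not found' page looks like from probe responses."""

    def __init__(self, probe_bodies, threshold=0.9):
        self.threshold = threshold
        self.known = [normalize(b) for b in probe_bodies]
        self.hashes = {hashlib.sha256(n.encode()).hexdigest() for n in self.known}

    def is_false_positive(self, body: str) -> bool:
        """True if the body is (nearly) the learned not-found page despite a 200 status."""
        norm = normalize(body)
        if hashlib.sha256(norm.encode()).hexdigest() in self.hashes:
            return True  # exact match after masking volatile content
        # Near-duplicate check for pages that add a variable hint or banner
        return any(SequenceMatcher(None, norm, k).ratio() >= self.threshold for k in self.known)


# Constructed sample data: what a dynamic "soft 404" page might return.
NOT_FOUND_TEMPLATE = (
    "<html><head><title>Not Found</title></head><body>\n"
    "<h1>Sorry, we could not find {path}</h1>\n"
    "<p>Request {rid} at {ts}, trace {trace}</p>\n"
    '<input type="hidden" name="csrf" value="{token}">\n'
    "{extra}</body></html>"
)

PROBE_1 = NOT_FOUND_TEMPLATE.format(path="/zq8x1k9v2m.html", rid=48213,
                                    ts="2024-05-01 10:22:31", trace="9f2c4d8a1b7e3c5d9f2c4d8a1b7e3c5d",
                                    token="0a1b2c3d4e5f60718293a4b5c6d7e8f9", extra="")
PROBE_2 = NOT_FOUND_TEMPLATE.format(path="/a7b3c9d1e5.html", rid=48299,
                                    ts="2024-05-01 10:22:47", trace="3c5d9f2c4d8a1b7e3c5d9f2c4d8a1b7e",
                                    token="f9e8d7c6b5a49382716f5e4d3c2b1a00", extra="")
# A 200 OK for a guessed resource that is really the same not-found page
CANDIDATE_SAME = NOT_FOUND_TEMPLATE.format(path="/admin/backup.zip", rid=51002,
                                           ts="2024-05-01 10:31:02", trace="4d8a1b7e3c5d9f2c4d8a1b7e3c5d9f2c",
                                           token="11223344556677889900aabbccddeeff", extra="")
# Same page with one extra hint sentence: not an exact hash match, but a near duplicate
CANDIDATE_NEAR = NOT_FOUND_TEMPLATE.format(path="/admin/config.bak", rid=51010,
                                           ts="2024-05-01 10:31:09", trace="1b7e3c5d9f2c4d8a1b7e3c5d9f2c4d8a",
                                           token="ffeeddccbbaa00998877665544332211",
                                           extra="<p>Try again</p>\n")
# A genuinely different page that must survive the filter
REAL_PAGE = (
    "<html><body><h1>Administration console</h1>\n"
    '<form action="/admin/login" method="post">\n'
    '<input name="user"><input name="pass" type="password"><button>Sign in</button>\n'
    "</form></body></html>"
)


def classify(filter_: NotFoundFilter, body: str) -> str:
    """Scanner decision for a 200 OK response: keep it or drop it as a false positive."""
    return "false-positive" if filter_.is_false_positive(body) else "resource"


if __name__ == "__main__":
    f = NotFoundFilter([PROBE_1, PROBE_2])
    for name, body in [("same", CANDIDATE_SAME), ("near", CANDIDATE_NEAR), ("real", REAL_PAGE)]:
        print(name, classify(f, body))
```

The similarity fallback matters for 404 pages that vary in more than the masked fields (a rotating tip, a suggestion list); tune the threshold downward for very short pages, since `SequenceMatcher` ratios drop quickly when a few words are added to a short text.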
- » Component-oriented Web Crawler and Scanner Engine
Web Applications are becoming more complex every day. Reverse proxies can obscure multiple platforms and technologies behind one simple URL. N-Stalker Scanner crawls your Web Application from a component-oriented perspective. For every component found, N-Stalker explores its relationship within the application and uses it to create custom, more effective security checks.
- » Platform-independent Web Application Scanning (J2EE, PHP, .NET, etc)
N-Stalker will inspect your custom Web Application no matter which framework and platform were used. Our Spider Engine will crawl your application resources, process AJAX requests and JavaScript code, and create a special security assessment template for each particular case.
- » Most complete Web Attack Signature Database (39,000 signatures)
By inheriting the most complete attack signature database available in the market, "The N-Stealth Web Attack Database(TM)", N-Stalker will inspect your web server infrastructure against more than 39,000 signatures from different technologies, ranging from 3rd party software packages to well-known web server vendors.
- » Legal Compliance-oriented security analysis
Most of the legal regulations in force in different countries require Web Applications to take particular actions to be compliant. N-Stalker provides a policy configuration interface to configure a wide variety of security checks, including information leakage and event-driven information analysis (e.g. presence of copyright notices, content rating, or a privacy policy reference on web form pages).
- » Policy-driven Web Application Security Scanning (OWASP, CWE, PCI)
N-Stalker Web Application Security Scanner works by applying scanning policies to target Web Applications. Creating your own Scan Policies allows for standardized scan results over a given time period and supports compliant scanning methodologies such as OWASP Top 10, PCI Data Security, MITRE's CWE, etc.
- » Enhanced HTTP Debugger
The N-Stalker Scanner interface provides a way to record every HTTP transaction between the scanner and the web server, allowing you to inspect and analyze the interactions that led to a possible attack. You may choose to record only HTTP headers or the entire payload (HTTP body).
- » Web Macro Recorder
Do you need to authenticate into your application using a Web Form? Do you need to interact with your application to access a specific area? N-Stalker provides a Web Macro recorder that allows you to store a navigation script to be later processed by N-Stalker's spider engine. An easy-to-use interface (including a Web Proxy tool) will allow you to use your own favorite web browser to construct a customized script.
- » Effective Multithreading Scan for best performance
N-Stalker Scanner is built upon a multithreading engine that provides an enhanced scanning experience. By using proprietary technology that automatically chooses the best time to apply multithreaded scanning, security checks can be safely conducted faster than with the traditional methods currently in use.
- » Independent solution [ no need for 3rd party database or software ]
No other Web Application Scanning tool is more portable and easier to implement than N-Stalker. There is no need for 3rd party software packages or databases; you just need to install the N-Stalker Web Application Security Scanner on your operating system and start scanning.
- » Support for Multiple Web Authentication schemes
N-Stalker supports a wide variety of Web Authentication schemes, including Web Form requests, standard HTTP authentication and X.509 digital certificate authentication.
- » CVE Compatibility
Since 2001, N-Stalker Security Checks have been compatible with MITRE's CVE standard. Security vulnerabilities are displayed with CVE links that let customers obtain external references to support their evaluation of the risk and of mitigation procedures.
- » IDS/IPS HTTP Evasion Test
N-Stalker provides an HTTP encoder mechanism that will test your Intrusion Detection and Prevention systems for evasion vulnerabilities. This is also useful for stealth penetration tests.
- » Special Attack console to explore vulnerabilities
When a vulnerability is found, N-Stalker provides access to a special Attack console, where you may inspect the raw request and response in different views, from raw text to a hexadecimal table. You may even replay the attack in real time and see the response for yourself.
- » Enhanced Report Generation for scanning comparison
N-Stalker provides an enhanced report creation engine, giving you the ability to create comparison and trend analysis reports of your Web Applications based on scan results generated over a given time period.
- » Scan Report supporting multiple formats (RTF, PDF)
The newest scan report engine is capable of producing complete Scan Reports in three different formats, including RTF and PDF. N-Stalker even provides an interface to configure and securely distribute your PDF reports, applying encryption and access control features.