N-Stalker The Web Security Specialists


N-Stalker Security Checks

Enterprise QA Infra Free
» Web Engine
N-Stalker Web Spider Module X X X (1)
» Custom Design Errors
Cross-site Script Injection Module X X
Database Tampering - SQL Injection Module, including: X X
- Direct mode X X
- Blind mode X X
Buffer & Integer Overflow attack Module X X
Format String attack Module X X
File & Directories Tampering Module, including: X X
- Backup Files Discovery X X
- Configuration Files Discovery X X
- Password Files Discovery X X
- Information Leakage Discovery X X
Parameter Tampering Module, including: X X
- Special Parameter Addition attacks X X
- Boolean Parameter Tampering attacks X X
- Hidden Parameter Discovery X X
- Parameter Deletion attacks X X
- Remote Execution attacks X X
- File & Directory traversal attacks X X
- Header Splitting & CRLF Injection attacks X X
- Remote File Include PHP-based attacks X X
Check for Suspicious Values in Web Form Hidden Fields X X
Custom Signature Check (via Signature Editor) X X X Partial
» Web Server Exposure
Web Server Infrastructure Analysis Module, including: X Partial X Partial
- Web Server & Platform version vulnerabilities X X X
- SSL encryption and X.509 certificate vulnerabilities X X X
- HTTP Method Discovery Module X X X
- HTTP Fingerprint Module, including: X X X X
- Web Server Fingerprint Module X X X X
- Web Server technology Discovery Module X X X X
- Directory Brute-Force X X X
- HTTP Protocol vulnerabilities X X
» Web Signature Attacks
Web Attack Signatures Module, including: X X Partial
- IIS CGI Decode Test X X Partial
- IIS Extended Unicode Test X X Partial
- IIS File Parsing Test X X Partial
- FrontPage Security Test X X Partial
- Lotus Domino Security Test X X Partial
- General CGI Security Test X X Partial
- HTTP Devices Security Test (routers, switches) X X Partial
- Windows-based CGI Security Test X X Partial
- PHP Web Application Security Test X X Partial
- ASP Web Application Security Test X X Partial
- J2EE Web Application Security Test X X Partial
- ColdFusion Web Application Security Test X X Partial
Attack templates such as: X X X
- Complete, SANS/FBI Top10, Top20 X X X
» Confidentiality Exposure Checks
Look for Web form vulnerabilities, including: X X
- Password cache feature X X
- Insecure method for sending data X X
- Lack of Encryption for sensitive data X X
- Insecure location to send data (leakage) X X
Information Leakage module, including: X X
- Find directory listing X X
- Find available objects to download X X
- Find meta-tag leakage X X
- Find sensitive keywords in comments and scripts X X
Compliance analysis, including: X X
- Find Copyright statements X X
- Find content rating statements X X
- Find custom content on web pages and forms X X
» Cookie Exposure Checks
Cookie Security Analysis Module, including: X X
- Find weakness in cookie information X X
- Find cookies sent without encryption X X
- Find information leakage in cookie information X X
- Find cookies vulnerable to malicious client-side script X X
» File & Directory Exposure Checks
Search for backup files X X X X
Search for information leakage files X X
Search for configuration files X X
Search for password files X X

