N-Stalker Security Checks
ENTERPRISE
INFRA
FREE
Web Spider Module
(1)
ENTERPRISE
INFRA
FREE
Cross-site Script Injection Module
Database Tampering – SQL Injection Module, including:
– Direct mode
– Blind mode
Buffer & Integer Overflow attack Module
Format String attack Module
File & Directories Tampering Module, including:
– Backup Files Discovery
– Configuration Files Discovery
– Password Files Discovery
– Information Leakage Discovery
Parameter Tampering Module, including:
– Special Parameter Addition attacks
– Boolean Parameter Tampering attacks
– Hidden Parameter Discovery
– Parameter Deletion attacks
– Remote Execution attacks
– File & Directory traversal attacks
– Header Splitting & CRLF Injection attacks
– Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)
ENTERPRISE
INFRA
FREE
Web Server Infrastructure Analysis Module, including:
– Web Server & Platform version vulnerabilities
– SSL encryption and X.509 certificate vulnerabilities
– HTTP Method Discovery Module
– HTTP Fingerprint Module, including:
– Web Server Fingerprint Module
– Web Server technology Discovery Module
– Directory Brute-Force
– HTTP Protocol vulnerabilities
ENTERPRISE
INFRA
FREE
Web Attack Signatures Module, including:
partial
– IIS CGI Decode Test
partial
– IIS Extended Unicode Test
partial
– IIS File Parsing Test
partial
– FrontPage Security Test
partial
– Lotus Domino Security Test
partial
– General CGI Security Test
partial
– HTTP Devices Security Test (routers, switches)
partial
– Windows-based CGI Security Test
partial
– PHP Web Application Security Test
partial
– ASP Web Application Security Test
partial
– J2EE Web Application Security Test
partial
– ColdFusion Web Application Security Test
partial
Attack templates such as:
– Complete, SANS/FBI Top10, Top20
ENTERPRISE
INFRA
FREE
Look for Web form vulnerabilities, including:
– Password cache feature
– Insecure method for sending data
– Lack of Encryption for sensitive data
– Insecure location to send data (leakage)
– Find directory listing
– Find available objects to download
– Find meta-tag leakage
– Find sensitive keywords in comments and scripts
Compliance analysis, including:
– Find Copyright statements
– Find content rating statements
– Find custom content on web pages and forms
ENTERPRISE
INFRA
FREE
Cookie Security Analysis Module, including:
– Find weakness in cookie information
– Find cookies sent without encryption
– Find information leakage in cookie information
– Find cookies vulnerable to malicious client-side script
ENTERPRISE
INFRA
FREE
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files