A web application security scanner is a program that communicates with a web application through the web front-end in order to identify potential security weaknesses in the web application.
It performs a black-box test. Unlike source code scanners, web application scanners don't have access to the source code and therefore detect vulnerabilities by actually performing attacks.
A web application security scanner can facilitate the automated review of a web application with the express purpose of discovering security vulnerabilities, and is required to comply with various regulatory requirements. Web application scanners can look for a wide variety of vulnerabilities, including:
- Input/Output validation: (Cross-site scripting, SQL Injection)
- Specific application problems
- Server configuration mistakes/errors/version
Web Application Issues :
- Scripting issues
- Sources of input: forms, text boxes, dialog windows, etc.
- Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
- Regular expression checks
- Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
- Session handling/fixation
- Framework vulnerabilities (Java Server Pages, .NET, Ruby On Rails, Django, etc.)
- Success control: front door, back door vulnerability assessment
- Penetration attempts versus failures
Technical vulnerabilities :
- Unvalidated input:
  - Tainted parameters - Parameters used in URLs, HTTP headers, and forms are often used to control and validate access to sensitive information.
  - Tainted data
- Cross-Site Scripting flaws:
  - XSS takes advantage of a vulnerable web site to attack clients who visit that web site. The most frequent goal is to steal the credentials of users who visit the site.
- Content Injection flaws:
  - Data injection
  - SQL injection - SQL injection allows commands to be executed directly against the database, allowing disclosure and modification of data in the database.
  - XPath injection - XPath injection allows an attacker to manipulate the data in the XML database.
  - Command injection - OS and platform commands can often be used to give attackers access to data and escalate privileges on backend servers.
  - Process injection
- Cross-site Request Forgeries
Security Vulnerabilities :
- Denial of Service
- Broken access control
- Path manipulation
- Broken session management (synchronization timing problems)
- Weak cryptographic functions, unsalted hashes
Architectural/Logical Vulnerabilities :
- Information leakage
- Insufficient authentication
- Password change form disclosing detailed errors
- Session-idle deconstruction not consistent with policies
- Spending a deposit before the deposited funds are validated
Other vulnerabilities :
- Debug mode
- Thread Safety
- Hidden Form Field Manipulation
- Weak Session Cookies: Cookies are often used to transmit sensitive credentials, and are often easily modified to escalate access or assume another user's identity.
- Fail Open Authentication
- Dangers of HTML Comments
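
As an added illustration (not part of the original page), the Python sketch below shows how a scanner can flag several of the items listed above passively, from a single HTTP response it has already received: conflicting Content-Length headers, weak session cookies, hidden form fields and HTML comments. The sample response, the function and class names, and the finding labels are all constructed for this example.

```python
from html.parser import HTMLParser

# Constructed sample response (not captured from any real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=UTF-8\r\n"
    "Content-Length: 214\r\n"
    "Content-Length: 12\r\n"
    "Set-Cookie: SESSIONID=abc123; Path=/\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html><body><!-- TODO: remove test account before launch -->\n"
    "<form action='/buy' method='post'>\n"
    "<input type='hidden' name='price' value='19.99'>\n"
    "<input type='text' name='qty'></form></body></html>"
)

class BodyChecks(HTMLParser):
    """Collects HTML comments and hidden form fields from a response body."""
    def __init__(self):
        super().__init__()
        self.findings = []
    def handle_comment(self, data):
        self.findings.append(("html-comment", data.strip()))
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and (a.get("type") or "").lower() == "hidden":
            self.findings.append(("hidden-field", a.get("name") or ""))

def passive_checks(raw):
    """Return a list of (check, detail) findings for one raw HTTP response."""
    head, _, body = raw.partition("\r\n\r\n")
    pairs = [l.split(":", 1) for l in head.split("\r\n")[1:] if ":" in l]
    headers = [(k.strip().lower(), v.strip()) for k, v in pairs]
    findings = []
    # Header integrity: more than one distinct Content-Length value.
    lengths = {v for k, v in headers if k == "content-length"}
    if len(lengths) > 1:
        findings.append(("conflicting-content-length", ",".join(sorted(lengths))))
    # Weak session cookies: Set-Cookie without Secure and/or HttpOnly.
    for value in (v for k, v in headers if k == "set-cookie"):
        flags = {p.strip().lower() for p in value.split(";")[1:]}
        missing = sorted({"secure", "httponly"} - flags)
        if missing:
            name = value.split("=", 1)[0]
            findings.append(("weak-cookie", name + " missing " + "+".join(missing)))
    parser = BodyChecks()
    parser.feed(body)
    parser.close()
    return findings + parser.findings
```

Calling `passive_checks(SAMPLE_RESPONSE)` returns one finding per issue in the constructed response. A hidden field or comment is only a lead for manual review, not proof of a vulnerability.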
Web Scanner in network.