Web Application Vulnerability Scanners are tools designed toautomatically scan web applications for potential vulnerabilities.These tools differ from general vulnerability assessment tools in thatthey do not perform a broad range of checks on a myriad of software andhardware. Instead, they perform other checks, such as potential fieldmanipulation and cookie poisoning, which allows a more focusedassessment of web applications by exposing vulnerabilities of whichstandard VA tools are unaware.
Web Application Security
Web Applications Issues-Scripting issues
-Sources of input: forms, text boxes, dialog windows, etc.
-Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
-Regular expression checks
-Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
-Framework vulnerabities(Java Server Pages, .NET, Ruby On Rails, Django, etc.)
-Success control: front door, back door vulnerability assessment
-Penetration attempts versus failures
Technical vulnerabilities-Unvalidated input:
.Tainted parameters - Parameters users in URLs, HTTP headers,and forms are often used to control and validate access to sentitiveinformation.
-Cross-Site Scripting flaws:
.XSS takes advantage of a vulnerable web site to attack clientswho visit that web site. The most frequent goal is to steal thecredentials of users who visit the site.
-Content Injection flaws:
.SQL injection - SQL injection allows commands to be executeddirectly against the database, allowing disclosure and modification ofdata in the database
.XPath injection - XPath injection allows attacker to manipulate the data in the XML database
.Command injection - OS and platform commands can often beused to give attackers access to data and escalate privileges onbackend servers.
-Cross-site Request Forgeries
Security Vulnerabilities-Denial of Service
-Broken access control
-Broken session management (synchronization timing problems)
-Weak cryptographic functions, Non salt hash
Architectural/Logical Vulnerabilities-Information leakage
-Password change form disclosing detailed errors
-Session-idle deconstruction not consistent with policies
-Spend deposit before deposit funds are validated
Other vulnerabilities-Debug mode
-Hidden Form Field Manipulation
-Weak Session Cookies: Cookies are often used to transitsensitive credentials, and are often easily modified to escalate accessor assume another user's identify.
-Fail Open Authentication
-Dangers of HTML Comments
- Acunetix WVS by Acunetix
- AppScan DE by IBM/Watchfire, Inc.
- Hailstorm by Cenzic
- N-Stealth by N-Stalker
- NTOSpider by NTObjectives
- WebInspect by HP/SPI-Dynamics
- WebKing by Parasoft
- elanize's Security Scanner by Elanize KG
- MileScan Web Security Auditor by MileSCAN Tech
- Grabber by Romain Gaucher
- Grendel-Scan by David Byrne and Eric Duprey
- Nikto by Sullo
- Pantera by Simon Roses Femerling (OWASP Project)
- Paros by Chinotec
- Spike Proxy by Immunity (Now as OWASP Pantera)
- WebScarab by Rogan Dawes of Aspect Security (OWASP Project)
- Wapiti by Nicolas Surribas
- W3AF by Andres Riancho
A more complete list of tools is available in the OWASP Phoenix/Tools
Extraído de http://unlugarsinfin.blogspot.es