Tara and Orcun
By Tara Lingle and Orcun Tagtekin
CAP6135 – Malware and Software Vulnerability Analysis
Web Application Vulnerability Scanning searches for software vulnerabilities within web applications:
- Web Application Security (Scripting issues)
- Technical Vulnerabilities (Cross-site Scripting)
- Security Vulnerabilities (Denial of Service)
- Architectural/Logical Vulnerabilities (Information Leakage)
Can be used to help identify potential security vulnerabilities within commercial and proprietary web applications.
Frequently used in both the pre-deployment and post-deployment test cycles.
The goal of this project is to explore both the commercial and open source web application vulnerability scanners that currently exist and determine which one(s) we would recommend to an organization.
- Evaluate leading commercial products, including features, strengths and weaknesses
- Compare our findings with other research
- Review a number of open source tools available
- Decide how the commercial products compare against the open source tools
- Limited number of false positives and false negatives
- Ability to customize configuration options for internal needs
- Covers all major platforms (Java, JavaScript, PHP, ASP, ASP.NET), including dynamic content
- Ease of use for non-security professionals
- Powerful, automated scanning engine that can handle complexities by default (i.e. minimal manual intervention)
- Vendor support
- Tests both application vulnerabilities and known web server vulnerabilities
- Usable reports and data
- Maintenance/upgrade costs
- Expandability for future needs of the organization
- Can obtain periodic updates as new vulnerabilities are introduced
- Acunetix Web Vulnerability Scanner by Acunetix
- AppScan by IBM/Watchfire, Inc.
- WebInspect by HP/SPI-Dynamics
- Hailstorm by Cenzic
Web Application Vulnerability Scanning Software - Comparison of Strengths/Weaknesses
Products compared: AppScan (IBM), Web Vulnerability Scanner (Acunetix), WebInspect (HP), Hailstorm (Cenzic)
Strengths compared:
- Design and Ease of Use
- Documentation and Help Files
- Ease in manual adjustments/administration
- Reports
- Ability to map and scan Ajax applications (client-side functionality)
Web Application Vulnerability Software - Comparison of Strengths/Weaknesses
Products compared: AppScan (IBM), Web Vulnerability Scanner (Acunetix), WebInspect (HP), Hailstorm (Cenzic)
Weaknesses compared:
- Prevalence of False Positives
- Prevalence of False Negatives
- Documentation and Help Files
- Reports
- Ability to map and scan Ajax applications (client-side functionality)
- Pricing
- License/Support
- What are the trade-offs of using an open source tool over a commercial product?
- Do any of them meet the requirements statement outlined?
- Nikto by Sullo
- Paros by Chinotec
- WebScarab by Rogan Dawes
- Grabber by Romain Gaucher
- Grendel-Scan by David Byrne and Eric Duprey
- Pantera by Simon Roses Femerling
- Powerfuzzer by Marcin Kozlowski
- Scuba by Imperva
- Wapiti by Nicolas Surribas