SANDCAT - THE WEB APPLICATION SECURITY ASSESSMENT SUITE

SANDCAT
THE WEB APPLICATION SECURITY ASSESSMENT SUITE

WHAT IS SANDCAT?
Sandcat is a hybrid, multi-language web application security assessment suite: a software suite that simulates web-based attacks. Sandcat proactively guards an organization's web infrastructure against web application security threats, finding existing vulnerabilities before the hackers do.

Today's Sandcat hybrid capabilities allow organizations to:
- Pen-test websites, scanning live web applications for multiple classes of vulnerabilities, an approach known as black-box testing, which matches the hacker's perspective.
- Scan the source code of web applications for the same classes of vulnerabilities, an internal code review (also known as white-box testing).
- Combine both approaches, performing what is known as hybrid analysis (or grey-box testing).

VULNERABILITY COVERAGE
Sandcat's extensive vulnerability coverage is the result of years of research: a total of 29 thousand web vulnerabilities were researched by Syhunt. Sandcat currently performs:
- Over 460 remote web application security checks in over 24 categories of web attacks, including:
  o XSS (Cross-Site Scripting), SQL Injection, File Inclusion, Command Execution, etc.
  o OWASP's Top Ten Most Critical Web Application Security Vulnerabilities and PHP Top 5 Vulnerabilities
- Over 300 source checks, covering several types of web security attacks
- Thousands of additional remote checks for vulnerabilities affecting specific web applications/servers (example: StatPressCN Plugin for WordPress wp-admin/admin.php Multiple Parameter XSS, CVE-2011-0641)

MAIN COMPONENTS
Remote Scanner
- Performs deep web crawling (spidering), automatically mapping an entire web site structure and running injection and directory brute-force checks
- Includes an HTML5-aware spider and JavaScript emulation capabilities
- Scans any type of web application

[Figure: some of the key technologies supported by Sandcat]

Source Scanner
- Scans the source code of web applications written in PHP, JSP and ASP.NET/Classic ASP for vulnerabilities
- Identifies key areas of the code, such as key HTML tags, AJAX/JavaScript, entry points and interesting keywords

[Figure: Sandcat 4.2 running under Windows 7]

KEY PRODUCT FEATURES
- Concurrency/Scan Queue Support: multiple security scans can be queued and the number of threads can be adjusted.
- Deep Crawling: runs security tests against web pages discovered by crawling a single URL or a set of URLs provided by the user.
- Advanced Injection: maps the entire web site structure (all links, forms, XHR requests and other entry points) and tries to find custom, unique vulnerabilities by simulating a wide range of attacks, sending thousands of requests (mostly GET and POST). Tests for SQL Injection, XSS, File Inclusion and many other web application vulnerability classes.
- Browser Emulation: handles complex, large web sites and automatically adapts to different web environments and technologies.
- CVE & CWE-Compatible: Sandcat fully supports CVE and CWE. It is on the list of CVE-compatible products and services maintained by the MITRE Corporation, which created the standard.
- Local or Remote Storage: scan results are saved locally (on disk) or remotely (on the Sandcat web server). Results can be converted at any time to HTML or multiple other available formats.
- IPv6-Compatible: allows scanning of IPv6 addresses.

[Figure: Sandcat Console (Mini Edition) running under Windows 7]

In addition to its GUI (Graphical User Interface) functionality, Sandcat offers an easy-to-use command-line interface and a web interface.

REPORT GENERATION
Sandcat comes with the ability to generate a report containing details about the vulnerabilities found. After examining the application's response to the attacks, if the target URL is found vulnerable, it is added to the report. Sandcat's reports also contain charts, statistics and compliance information. Syhunt offers a set of report templates tailored for different audiences. A Sandcat report usually includes:
- Full vulnerability information and references: CVE, NVD, CWE, Bugtraq and OSVDB
- Compliance information, such as OWASP Top 10, PHP Top 5, CWE/SANS Top 25, Payment Card Industry (PCI), etc.

[Figure: reports generated by Sandcat Pro can include full vulnerability info, charts and more.]

Currently, Sandcat is able to generate reports and export data in several formats, including HTML, PDF, XML, Text, CSV, RTF, XLS, DOC and NBE, or your own custom format. Sandcat also includes the ability to automatically email reports after a scan is completed.

ADDITIONAL COMPONENTS
- Sandcat Browser: the first pen-test oriented web browser with extension support
- Log Analyzer: scans HTTP logs created by web servers for intrusion attempts
- Hardener: scans Apache and PHP configuration files for weak security settings
- Gelo: a Lua extension library that aims to simplify and accelerate the development of exploit-oriented tools. Gelo is currently being used to build extensions in Sandcat.
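As an added illustration of what a Log Analyzer of the kind listed above does (this is example code written for this page, not Syhunt's or Sandcat's own), the script below parses web server log lines in the Apache/NCSA combined format, percent-decodes the request path repeatedly so that double-encoded requests cannot slip past the patterns (the same decoding weakness that the defense-evasion section later in this document describes filters as having), and flags requests matching SQL injection, XSS and directory traversal signatures. The log lines, rule names and regular expressions are constructed for the example.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in Apache/NCSA combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Oct/2011:13:55:36 +0000] "GET /index.php?page=about HTTP/1.1" 200 2326 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Oct/2011:13:55:40 +0000] "GET /index.php?id=1%27%20UNION%20SELECT%20user,password%20FROM%20users-- HTTP/1.1" 500 512 "-" "curl/7.21"
203.0.113.9 - - [10/Oct/2011:13:56:01 +0000] "GET /download.php?file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 404 210 "-" "Mozilla/5.0"
203.0.113.11 - - [10/Oct/2011:13:56:12 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Combined log format: client, identd, user, [time], "METHOD path protocol", status, ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Hypothetical signature set; a real analyzer would carry far more rules.
RULES = {
    "sqli": re.compile(r"('\s*(or|and)\b|union\s+select|--\s*$|;\s*drop\s)", re.I),
    "xss": re.compile(r"<\s*script|javascript:|\bon\w+\s*=", re.I),
    "traversal": re.compile(r"\.\./|\.\.\\"),
}


def normalize(path, rounds=3):
    """Percent-decode until stable (bounded), so %252F -> %2F -> / is caught."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not combined format."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def analyze(log_text):
    """Run every rule over the normalized request path of each parsable line."""
    findings = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        target = normalize(rec["path"])
        for name, rule in RULES.items():
            if rule.search(target):
                findings.append({"ip": rec["ip"], "rule": name,
                                 "path": target, "status": rec["status"]})
    return findings


if __name__ == "__main__":
    for f in analyze(SAMPLE_LOG):
        print(f"{f['ip']:15} {f['rule']:10} {f['status']} {f['path']}")
```

Matching on the decoded path rather than the raw log text is the point: the third sample line is double-encoded and would not match a naive `../` search.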

THE WAVSEP COMPARISON
Sandcat was included in the WAVSEP independent web application scanner accuracy tests produced by Shay Chen, an application security consultant. The WAVSEP (Web Application Vulnerability Scanner Evaluation Project) comparison is the most comprehensive ever made (a total of 43 tools were included). Previous comparisons in the field were unable to cover free and open source scanners. The WAVSEP results were published in December 2010.

How did Sandcat do?

Cross-Site Scripting (XSS)
Sandcat scored a near 100 percent XSS detection rate, detecting:
- 100% (33 of 33) of the GET-based XSS vulnerabilities
- 96% (32 of 33) of the POST-based vulnerabilities
Other black-box scanning tools covered in the tests scored below 63% (missing almost 40% of the vulnerabilities). Many, including popular open source tools, scored near or below 30%.

SQL Injection (SQLi)
Sandcat scored a 100 percent error-based SQL Injection detection rate. Sandcat also excelled at identifying an additional large set of 80 error-based SQL Injection vulnerabilities (detecting 100% of the vulnerabilities, both GET-based and POST-based).

Sandcat scored such high detection rates running at half its capabilities: its white-box (source) scanning capabilities were not covered in the tests.

Note: The WAVSEP project environment, containing hundreds of scenarios/vulnerable web pages used to produce the tests, was made available as open source to the information security community through the Google Code website at http://code.google.com/p/wavsep/.

For more information about Sandcat, visit www.syhunt.com.

SANDCAT SCANNER CHECKS

APPLICATION CHECKS (REMOTE / BLACK-BOX)
Sandcat includes checks for an extremely wide array of different web application security threats, as shown below.
- Backup Files
- Common Exposures
  o Dangerous Methods
  o Default Content
  o Internal IP Address Disclosure
- Common Files and Folders
- Common Vulnerable Scripts
  o ASP & ASP.Net
  o PHP
  o JSP
  o Perl
- Email Form Hijacking
- Old/Backup Files
  o Common Backup Folders & Files
- Outdated Server Software
- Path Disclosure
- Source Code Disclosure
- Suspicious HTML Comments
- Unencrypted Login
- Web-Based Backdoors
- Compliance
  o OWASP Top 10
  o PHP Top 5
  o CWE/SANS Top 25
  o WASC Threat Classification
- Fault Injection (see below)
  o Parameter Tampering
  o Form Field Manipulation

Fault Injection Checks
- Buffer Overflow
- Cookie Manipulation
- Command Execution
- CRLF Injection
- Cross Frame Scripting
- Cross-Site Scripting (XSS)
  o XSS Filter Evasion
- Default Account
- Directory Listing
- Directory Traversal
- File Inclusion (Local & Remote)
- Information Disclosure
- LDAP Injection
- MX Injection
- Password Disclosure
- Path Disclosure
- PHP Code Injection
- Server-Specific Vulnerabilities
  o IIS
  o iPlanet
  o Others
- Source Code Disclosure
- SQL Injection (Error-Based & Blind)
  o Access
  o DB2
  o Firebird/InterBase
  o Informix
  o MySQL
  o Oracle
  o PostgreSQL
  o SQL Server
  o SQLite
  o Sybase
  o Others
- XPath Injection

Miscellaneous
Supports any web server platform.

APPLICATION CHECKS (SOURCE / WHITE-BOX)
Sandcat now also includes the ability to scan the source code of your web applications for multiple classes of application vulnerabilities.
- Arbitrary File Manipulation
- Command Execution
- Cross-Site Scripting (XSS)
- File Inclusion (Local & Remote)
- HTTP Response Splitting
- SQL Injection (Error-Based & Blind)
  o DB2 & dbx
  o Firebird/InterBase
  o FrontBase
  o Informix
  o Ingres
  o MaxDB
  o msql
  o MySQL
  o Oracle
  o Ovrimos
  o PostgreSQL
  o SQL Server & SQLite
  o Swish & Sybase
- Weak Validation
- Key HTML Tags
- Key AJAX / JavaScript
- Entry Points - User Input
- Entry Points - Indirect User Input
- Interesting Keywords
- Compliance
  o OWASP PHP Top 5
- Configuration Hardening
  o Apache
  o PHP
Supports ASP*/ASP.NET*, PHP & JSP*. (*) indicates initial or beta support.

SERVER CHECKS (REMOTE / BLACK-BOX)
Checks for vulnerabilities affecting known web applications and servers:
- Admin Pages
- CGI, CGI-Bin & CGI-Local Folders
- CGI-Sys
- CGI Scripts
- Common Files and Folders
- Common Server Vulnerabilities
  o Cisco IOS
  o ColdFusion
  o Domino & NSF
  o IIS
  o NCSA
  o FrontPage / FrontPage CGI
  o Other Servers & Add-Ons
- Common Vulnerable Scripts
  o ASP & ASP.Net
  o PHP
  o JSP
  o Perl (PL)
- Compliance
  o CWE/SANS Top 25
  o WASC Threat Classification
- Database Disclosure
- Denial-of-Service
- IDS Testing
- Old/Backup Files
  o Common Backup Folders & Files
- Outdated Server Software
- Web-Based Backdoors
- WinCGI

MULTI-LAYER DEFENSE EVASION
Multi-Layer Defense Evasion is the ability of Sandcat to combine multiple techniques aimed at a wide array of security mechanisms in order to perform stealthy tests. Today's Sandcat defense evasion feature set includes:
- Anti-XSS filter evasion: bypasses regular expression filters used against XSS.
- UTF8-Decode: ability to take advantage of UTF8-Decode problems to evade filters when performing injection checks.
- Signature-based web honeypot and application firewall detection
- Common IDS evasion techniques (over 10 techniques)
- Multiple WAF and IDS evasion techniques, specifically targeting:
  o mod_security
  o PHP-IDS

OWASP TOP 10 CHECKS
The OWASP Top Ten is a list of vulnerabilities that require immediate remediation. Existing code should be checked for these vulnerabilities immediately, as these flaws are being actively targeted by attackers. The OWASP Foundation encourages companies to adopt the OWASP Top Ten as a minimum standard for securing web applications.

SANS TOP 20 CHECKS
The SANS Top 20 includes step-by-step instructions and pointers to additional information useful for correcting the security flaws. The SANS Institute updates the list and the instructions as more critical threats and more current or convenient methods of protection are identified. It is a community consensus document.

COMPLIANCE
Sandcat helps organizations address the most pressing compliance issues, such as:
- Health Insurance Portability and Accountability Act (HIPAA): Sandcat allows healthcare organizations to assess web applications and portals to identify areas of possible vulnerability to data disclosure, denial-of-service attacks or system compromise.
- Gramm-Leach-Bliley Act (GLBA) / Payment Card Industry (PCI) Data Security Standard / CA-SB1: financial organizations can harden home banking, customer service, e-commerce and other web-based applications and deployments.
- Sarbanes-Oxley: executive management systems can be assessed and data integrity risks can be mitigated by using Sandcat against web-based interfaces.

For more information about Sandcat Checks, visit www.syhunt.com/sandcat/docs.php?n=main.checks