N-Stalker Web Application Security Scanner 2006 is a suite of Web security
assessment checks against various vulnerabilities and attacks. The tool carries
out assessment checks in three different stages: Development and QA;
Infrastructure & Deploy; and Audit & Pen-test analysis. The Development
and QA profile is useful for discovering vulnerabilities during the development
phase. It tests Web applications for common vulnerabilities such as XSS, SQL
injection, buffer overflow and parameter tampering.
The Infrastructure & Deploy profile scans your Web server infrastructure
using its Web Attack Signatures database and can be helpful in detecting
vulnerabilities and fixing them during deployment. In the Audit & Pen-test
profile, the tool audits your production-level Web applications and Web server
by periodically combining the component-oriented Web Application Security
Assessment and the 'N-Stealth HTTP Vulnerabilities Database.'
Applies To: Web security managers
Price: Enterprise Edition: $699 for single IP license for 1 year
USP: A suite of security assessment checks for Web Apps
Primary Link: www.nstalker.com
Google Keywords: Web security assessment
Each profile offers a number of policies, which can be chosen according
to the scan you want to perform. You can also create your own policies or edit
the existing ones. You can use N-Stalker to scan a single Web server, an IP
range or simply the Web app files. It checks Web apps for custom design errors,
cookie exposure, Web server exposure, file and directory exposure,
confidentiality exposure and Web signature attacks. Its Report Manager
can compare all scan reports, which can be saved in HTML, RTF and PDF formats.
Using N-Stalker
To perform a scan, click on 'Scan wizard' in the main window and then on
Infrastructure/Deploy Scan. Next, it will ask you to choose a policy. Here
choose 'Complete Web Server Pen-test' and provide the URL of the Web
application you want to scan. Click on 'Start Scan' to start the Pen-test.
In the new window, click on Play to start the scan. While the scan is in
progress, you can see statistical details, details of objects found and the
various logs. Once the scan is over, click on the Events List tab.
Here you can see details about vulnerabilities found during the test. When
you click on a vulnerability, details such as Bugtraq ID, vulnerability class,
level of severity, online references of the vulnerability and solutions are
shown. To see the request and response details of the vulnerability found, click
on 'See Request Details.' A new window will open where you can see the HTTP
request and response of the vulnerability in Text, Browser and Hex View.
Once a vulnerability has been found, N-Stalker cautions you about its effects and provides Web references for the threat
In the Events List you can see information about the objects found on the
website: scripts, Web forms, e-mails, broken pages, etc. After the scanning is
over, N-Stalker will ask whether you want to generate reports or not. If yes, it
will generate reports and also open the Report Manager where they can be viewed.