https://wiki.owasp.org/api.php?action=feedcontributions&feedformat=atom&user=Dhruv+Jain
OWASP - User contributions [en]
2026-05-01T21:08:30Z
User contributions
MediaWiki 1.27.2
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=158056
OWASP HA Vulnerability Scanner Project
2013-09-08T08:59:45Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
'''If you wish to be a part of this Project Team , contact Project Leader'''<br />
<br />
<br />
Spider Module Completed.Added Random time interval between requests and proxy.<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 03:59, 8 September 2013 (CDT)<br />
<br />
<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
<br />
- Find weakness in cookie information<br />
<br />
- Find cookies sent without encryption<br />
<br />
- Find information leakage in cookie information<br />
<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 19:45, 17 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156959
OWASP HA Vulnerability Scanner Project
2013-08-18T04:25:45Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
'''If you wish to be a part of this Project Team , contact Project Leader'''<br />
<br />
1.8.2013 --> Spider nearly completed<br />
<br />
18.8.2013 --> Initial Design Ready.Check it out here - <br />
<br />
http://i.imgur.com/y4HUNLi.png<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
<br />
- Find weakness in cookie information<br />
<br />
- Find cookies sent without encryption<br />
<br />
- Find information leakage in cookie information<br />
<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 19:45, 17 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156955
OWASP HA Vulnerability Scanner Project
2013-08-18T00:45:58Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
Project has been started.Developed scan initiator.<br />
<br />
1.8.2013 --> Spider nearly completed<br />
<br />
18.8.2013 --> Initial Design Ready.Check it out here - <br />
<br />
http://i.imgur.com/y4HUNLi.png<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
<br />
- Find weakness in cookie information<br />
<br />
- Find cookies sent without encryption<br />
<br />
- Find information leakage in cookie information<br />
<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 19:45, 17 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156954
OWASP HA Vulnerability Scanner Project
2013-08-18T00:45:20Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
Project has been started.Developed scan initiator.<br />
<br />
1.8.2013 --> Spider nearly completed<br />
18.8.2013 --> Initial Design Ready.Check it out here - http://i.imgur.com/y4HUNLi.png<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
<br />
- Find weakness in cookie information<br />
<br />
- Find cookies sent without encryption<br />
<br />
- Find information leakage in cookie information<br />
<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 19:45, 17 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156322
OWASP HA Vulnerability Scanner Project
2013-08-01T12:42:01Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
Project has been started.Developed scan initiator.<br />
<br />
1.8.2013 --> Spider nearly completed<br />
<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
<br />
- Find weakness in cookie information<br />
<br />
- Find cookies sent without encryption<br />
<br />
- Find information leakage in cookie information<br />
<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 07:39, 1 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156321
OWASP HA Vulnerability Scanner Project
2013-08-01T12:40:04Z
<p>Dhruv Jain: Added Decided Features</p>
<hr />
<div>=Main=<br />
Project has been started.Developed scan initiator.<br />
<br />
1.8.2013 --> Spider nearly completed<br />
<br />
<br />
<br />
'''EXPECTED FEATURES:'''<br />
<br />
''Note: Some of these features maybe scraped off depending on the feasibility of application''<br />
<br />
<br />
'''»Web Spider Module'''<br />
<br />
<br />
'''»Custom Design Errors'''<br />
<br />
Cross-site Script Injection Module<br />
<br />
Database Tampering – SQL Injection Module, including:<br />
<br />
- Direct mode<br />
<br />
- Blind mode<br />
<br />
Buffer & Integer Overflow attack Module<br />
<br />
Format String attack Module<br />
<br />
File & Directories Tampering Module, including:<br />
<br />
- Backup Files Discovery<br />
<br />
- Configuration Files Discovery<br />
<br />
- Password Files Discovery<br />
<br />
- Information Leakage Discovery<br />
<br />
Parameter Tampering Module, including:<br />
<br />
- Special Parameter Addition attacks<br />
<br />
- Boolean Parameter Tampering attacks<br />
<br />
- Hidden Parameter Discovery<br />
<br />
- Parameter Deletion attacks<br />
<br />
- Remote Execution attacks<br />
<br />
- File & Directory traversal attacks<br />
<br />
- Header Splitting & CRLF Injection attacks<br />
<br />
- Remote File Include PHP-based attacks<br />
<br />
Check for Suspicious Values in Web Form Hidden Fields<br />
<br />
Custom Signature Check (via Signature Editor)<br />
<br />
<br />
'''»Web Server Exposure'''<br />
<br />
Web Server structure Analysis Module, including:<br />
<br />
- Web Server & Platform version vulnerabilities<br />
<br />
- SSL encryption and X.509 certificate vulnerabilities<br />
<br />
- HTTP Method Discovery Module<br />
<br />
- HTTP Fingerprint Module, including:<br />
<br />
- Web Server Fingerprint Module<br />
<br />
- Web Server technology Discovery Module<br />
<br />
- Directory Brute-Force<br />
<br />
- HTTP Protocol vulnerabilities<br />
<br />
<br />
'''»Web Signature Attacks'''<br />
<br />
Web Attack Signatures Module, including:<br />
<br />
- IIS CGI Decode Test<br />
<br />
- IIS Extended Unicode Test<br />
<br />
- IIS File Parsing Test<br />
<br />
- FrontPage Security Test<br />
<br />
- Lotus Domino Security Test<br />
<br />
- General CGI Security Test<br />
<br />
- HTTP Devices Security Test (routers, switches)<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- Windows-based CGI Security Test<br />
<br />
- PHP Web Application Security Test<br />
<br />
- ASP Web Application Security Test<br />
<br />
- J2EE Web Application Security Test<br />
<br />
- Coldfusion Web Application Security Test<br />
<br />
Attack templates such as:<br />
<br />
- Complete, SANS/FBI Top10, Top20<br />
<br />
<br />
'''»Confidentiality Exposure Checks'''<br />
<br />
Look for Web forms vulnerabilities, including:<br />
<br />
- Password cache feature<br />
<br />
- Insecure method for sending data<br />
<br />
- Lack of Encryption for sensitive data<br />
<br />
- Insecure location to send data (leakage)<br />
<br />
- Find directory listing<br />
<br />
- Find available objects to download<br />
<br />
- Find meta-tag leakage<br />
<br />
- Find sensitive keywords in comments and scripts<br />
<br />
Compliance analysis, including:<br />
<br />
- Find Copyright statements<br />
<br />
- Find content rating statements<br />
<br />
- Find custom content on web pages and forms<br />
<br />
<br />
'''»Cookie Exposure Checks'''<br />
<br />
Cookie Security Analysis Module, including:<br />
- Find weakness in cookie information<br />
- Find cookies sent without encryption<br />
- Find information leakage in cookie information<br />
- Find cookies vulnerable to malicious client-side script<br />
<br />
<br />
'''»File & Directory Exposure Checks'''<br />
<br />
Search for backup files<br />
<br />
Search for information leakage files<br />
<br />
Search for configuration files<br />
<br />
Search for password files <br />
<br />
<br />
--[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 07:39, 1 August 2013 (CDT)<br />
<br />
----<br />
<br />
<br />
<br />
=Project About=<br />
<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156275
OWASP HA Vulnerability Scanner Project
2013-07-31T02:44:15Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
Project has beeen started.Currently developing Spider to get links of all the pages<br />
<br />
=Project About=<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain
https://wiki.owasp.org/index.php?title=OWASP_HA_Vulnerability_Scanner_Project&diff=156274
OWASP HA Vulnerability Scanner Project
2013-07-31T02:43:12Z
<p>Dhruv Jain: </p>
<hr />
<div>=Main=<br />
Project has beeen sstarted.Currently developing Spider to get links of all the pages<br />
<br />
=Project About=<br />
{{:Projects/OWASP_HA_Vulnerability_Scanner_Project}} <br />
<br />
[[Category:OWASP Project]]</div>
Dhruv Jain