Difference between revisions of "OWASP HA Vulnerability Scanner Project"
Dhruv Jain (talk | contribs) (Added Decided Features) |
|||
(5 intermediate revisions by one other user not shown) | |||
Line 1: | Line 1: | ||
+ | {| | ||
+ | |- | ||
+ | ! width="700" align="center" | <br> | ||
+ | ! width="500" align="center" | <br> | ||
+ | |- | ||
+ | | align="right" | [[Image:OWASP Inactive Banner.jpg|800px| link=https://www.owasp.org/index.php/OWASP_Project_Stages#tab=Inactive_Projects]] | ||
+ | | align="right" | | ||
+ | |||
+ | |} | ||
=Main= | =Main= | ||
− | Project | + | '''If you wish to be a part of this Project Team , contact Project Leader''' |
+ | |||
+ | |||
+ | Spider Module Completed.Added Random time interval between requests and proxy. | ||
+ | --[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 03:59, 8 September 2013 (CDT) | ||
− | |||
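Review bot: in the added banner table, the image is sized `800px` but sits in the header column declared `width="700"`, and the second column (`width="500"`) is left empty; either drop the empty column or make the image and column widths agree. The two added text lines also need copy fixes: "Project Team , contact" has a stray space before the comma, and "Spider Module Completed.Added Random" is missing the space after the period.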
Line 149: | Line 161: | ||
Cookie Security Analysis Module, including: | Cookie Security Analysis Module, including: | ||
+ | |||
- Find weakness in cookie information | - Find weakness in cookie information | ||
+ | |||
- Find cookies sent without encryption | - Find cookies sent without encryption | ||
+ | |||
- Find information leakage in cookie information | - Find information leakage in cookie information | ||
+ | |||
- Find cookies vulnerable to malicious client-side script | - Find cookies vulnerable to malicious client-side script | ||
Line 166: | Line 182: | ||
− | --[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) | + | --[[User:Dhruv Jain|Dhruv Jain]] ([[User talk:Dhruv Jain|talk]]) 19:45, 17 August 2013 (CDT) |
---- | ---- |
Latest revision as of 21:51, 9 May 2014
Main
If you wish to be a part of this Project Team, contact the Project Leader
Spider Module completed. Added random time interval between requests and proxy.
--Dhruv Jain (talk) 03:59, 8 September 2013 (CDT)
EXPECTED FEATURES:
Note: Some of these features may be scrapped depending on the feasibility of application
»Web Spider Module
»Custom Design Errors
Cross-site Script Injection Module
Database Tampering – SQL Injection Module, including:
- Direct mode
- Blind mode
Buffer & Integer Overflow attack Module
Format String attack Module
File & Directories Tampering Module, including:
- Backup Files Discovery
- Configuration Files Discovery
- Password Files Discovery
- Information Leakage Discovery
Parameter Tampering Module, including:
- Special Parameter Addition attacks
- Boolean Parameter Tampering attacks
- Hidden Parameter Discovery
- Parameter Deletion attacks
- Remote Execution attacks
- File & Directory traversal attacks
- Header Splitting & CRLF Injection attacks
- Remote File Include PHP-based attacks
Check for Suspicious Values in Web Form Hidden Fields
Custom Signature Check (via Signature Editor)
»Web Server Exposure
Web Server structure Analysis Module, including:
- Web Server & Platform version vulnerabilities
- SSL encryption and X.509 certificate vulnerabilities
- HTTP Method Discovery Module
- HTTP Fingerprint Module, including:
- Web Server Fingerprint Module
- Web Server technology Discovery Module
- Directory Brute-Force
- HTTP Protocol vulnerabilities
»Web Signature Attacks
Web Attack Signatures Module, including:
- IIS CGI Decode Test
- IIS Extended Unicode Test
- IIS File Parsing Test
- FrontPage Security Test
- Lotus Domino Security Test
- General CGI Security Test
- HTTP Devices Security Test (routers, switches)
- Windows-based CGI Security Test
- PHP Web Application Security Test
- ASP Web Application Security Test
- J2EE Web Application Security Test
- Coldfusion Web Application Security Test
Attack templates such as:
- Complete, SANS/FBI Top10, Top20
»Confidentiality Exposure Checks
Look for Web forms vulnerabilities, including:
- Password cache feature
- Insecure method for sending data
- Lack of Encryption for sensitive data
- Insecure location to send data (leakage)
- Find directory listing
- Find available objects to download
- Find meta-tag leakage
- Find sensitive keywords in comments and scripts
Compliance analysis, including:
- Find Copyright statements
- Find content rating statements
- Find custom content on web pages and forms
»Cookie Exposure Checks
Cookie Security Analysis Module, including:
- Find weakness in cookie information
- Find cookies sent without encryption
- Find information leakage in cookie information
- Find cookies vulnerable to malicious client-side script
»File & Directory Exposure Checks
Search for backup files
Search for information leakage files
Search for configuration files
Search for password files
--Dhruv Jain (talk) 19:45, 17 August 2013 (CDT)
Project About
PROJECT INFO: What does this OWASP project offer you?
RELEASE(S) INFO: What releases are available for this project?