OWASP Joomla Vulnerability Scanner How it works

From OWASP
Revision as of 18:57, 15 July 2009 by D0ubl3 h3lix (talk | contribs) (How does the scanner work ?)


How does the scanner work?

1. The scanner first sends a HEAD request to check whether a vulnerable resource exists, rather than sending a GET request and searching the response for a vulnerable string. This speeds up the process. It also helps minimize IDS alerts, because the scanner does not send a storm of GET requests carrying attack strings.

2. Only if the resource exists does it check whether the vulnerability exists, using a sample exploit string.

3. If no exploit string is available, it works out the vulnerability state from the deduced version.
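
Seen from the server side, steps 1 and 2 leave a recognizable pattern in the access log: one client sends HEAD requests to many distinct paths, most of them missing, and then sends GET requests only to the paths that exist. The following is an added example, not part of the scanner or of the original page; the log lines, the thresholds and the `com_example*` paths are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in Apache combined log format; addresses are documentation
# ranges and the com_example* component paths are hypothetical.
SAMPLE_LOG = """\
198.51.100.20 - - [15/Jul/2009:18:56:40 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.9 - - [15/Jul/2009:18:56:50 +0000] "HEAD / HTTP/1.1" 200 0 "-" "uptime-check"
203.0.113.7 - - [15/Jul/2009:18:57:01 +0000] "HEAD /components/com_example1/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [15/Jul/2009:18:57:01 +0000] "HEAD /components/com_example2/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [15/Jul/2009:18:57:02 +0000] "HEAD /components/com_example3/example3.php HTTP/1.1" 200 0 "-" "-"
203.0.113.7 - - [15/Jul/2009:18:57:02 +0000] "HEAD /components/com_example4/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [15/Jul/2009:18:57:03 +0000] "HEAD /components/com_example5/ HTTP/1.1" 404 0 "-" "-"
203.0.113.7 - - [15/Jul/2009:18:57:04 +0000] "GET /components/com_example3/example3.php?id=1 HTTP/1.1" 200 812 "-" "-"
192.0.2.9 - - [15/Jul/2009:18:58:50 +0000] "HEAD / HTTP/1.1" 200 0 "-" "uptime-check"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def find_head_probers(log_text, min_heads=4, min_miss_ratio=0.5):
    """Return {client: report} for clients whose requests match HEAD-first probing."""
    heads = defaultdict(dict)   # client -> {path: last HEAD status}
    follow = defaultdict(set)   # client -> paths fetched with GET after a HEAD hit
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue            # skip lines that are not in the expected format
        client, method, target, status = m.groups()
        path = target.split("?", 1)[0]
        if method == "HEAD":
            heads[client][path] = int(status)
        elif method == "GET" and heads[client].get(path, 404) < 400:
            follow[client].add(path)   # step 2: resource existed, now a full request
    reports = {}
    for client, seen in heads.items():
        misses = sum(1 for s in seen.values() if s == 404)
        # Many distinct HEAD paths, mostly missing, is the enumeration signature.
        if len(seen) >= min_heads and misses / len(seen) >= min_miss_ratio:
            reports[client] = {"head_paths": len(seen), "misses": misses,
                               "followed_up": sorted(follow[client])}
    return reports

if __name__ == "__main__":
    for client, report in find_head_probers(SAMPLE_LOG).items():
        print(client, report)
```

The uptime checker also uses HEAD but always on the same path, so it stays below `min_heads` and is not reported.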