A suite of programs and a knowledge base for the vulnerability analysis of the implementations and customizations of web applications and web servers.
This suite is intended for the inventory and security estimation of various (heterogeneous) web applications. The project is developed using the WebEngine kernel.

At the Inventory stage, the following information about the web application is collected:
- HTML objects
- scripts and applications/applets in use
- links with other sites
- information about the hosting and the server
- time characteristics (response time) and data about the productivity of the web application
Information about the web application obtained from indirect sources, such as Whois, Ripe.net, DNS, search sites etc., is also analyzed.

At the Security Estimation stage, the following information about the application is collected:
- analysis of the customizations of the web server
- analysis of the source code of the application (PHP, ASP, JS etc.)
- search for vulnerabilities in the web server software
- analysis of the application's stability under different types of attacks, such as SQL injection, XSS, CSRF, Script including, OS commanding etc.
- analysis of the application's stability under DoS attacks
- analysis of the web application with regard to user authentication.
The main target audience for this system is information security experts, system administrators, hosting providers and web application developers.
A good and efficient open-source tool for code and security code analysts. As per our observations, this tool can perform much better if fine-tuned according to the environment.
Download WebAppTools Here