Questions tagged [web-scanners]

A web application security scanner performs black-box testing of a web application: it interacts with the running application only over HTTP, with no access to its source code, to identify potential security vulnerabilities and architectural weaknesses.
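
An added illustration of the black-box approach the tag describes; it is not code from the tag wiki or from any of the scanners discussed in the questions below. The script talks to its target only through a `fetch` function that takes a URL and returns a status and body, exactly the view a scanner has. `stub_target` is a constructed in-process stand-in for the application under test (an assumption, not a real product) so the example runs offline; point `fetch` at a real HTTP client only against a host you are authorised to test.

```python
"""Minimal black-box probe: it sees only HTTP requests and responses, never
the target's source. The target here is a constructed in-process stub so the
script runs offline; replace `fetch` with a real HTTP client to scan a host
you are authorised to test."""
import html
import secrets
from typing import Callable, Dict, List, Tuple
from urllib.parse import parse_qs, urlencode, urlparse

Response = Tuple[int, str]          # (status code, body)
Fetch = Callable[[str], Response]   # maps a path+query string to a response


def stub_target(url: str) -> Response:
    """Constructed stand-in for the application under test (assumption: not
    any real product). /search reflects `q` unescaped; /safe HTML-escapes it;
    /admin/ is an unlinked page; everything else is 404."""
    parts = urlparse(url)
    q = parse_qs(parts.query).get("q", [""])[0]
    if parts.path == "/search":
        return 200, f"<p>Results for {q}</p>"
    if parts.path == "/safe":
        return 200, f"<p>Results for {html.escape(q)}</p>"
    if parts.path == "/admin/":
        return 200, "<h1>Admin</h1>"
    return 404, "not found"


def probe_reflection(fetch: Fetch, path: str, param: str) -> Dict[str, str]:
    """Send a unique marker wrapped in HTML metacharacters and report whether
    it comes back unencoded (a reflected-XSS indicator), encoded, or not at all.
    The random marker avoids false positives from strings already on the page."""
    marker = secrets.token_hex(4)
    payload = f'"><{marker}>'
    status, body = fetch(f"{path}?{urlencode({param: payload})}")
    if status != 200:
        result = f"status {status}"
    elif payload in body:
        result = "reflected unencoded"
    elif marker in body:
        result = "reflected encoded"
    else:
        result = "not reflected"
    return {"path": path, "param": param, "result": result}


def probe_paths(fetch: Fetch, wordlist: List[str]) -> List[str]:
    """Report wordlist paths that answer 200, the way a scanner finds unlinked
    admin or backup directories. A random path is fetched first: if even that
    returns 200 the server answers everything, and status alone proves nothing."""
    baseline_status, _ = fetch(f"/{secrets.token_hex(8)}/")
    if baseline_status == 200:
        return []
    return [p for p in wordlist if fetch(p)[0] == 200]


def scan(fetch: Fetch) -> Dict[str, object]:
    """Run both probes against whatever `fetch` talks to."""
    return {
        "exposed_paths": probe_paths(fetch, ["/admin/", "/phpmyadmin/", "/backup/"]),
        "reflection": [probe_reflection(fetch, p, "q") for p in ("/search", "/safe")],
    }


if __name__ == "__main__":
    for name, finding in scan(stub_target).items():
        print(name, finding)
```

The two probes show the two things a black-box scanner can and cannot tell you: it can observe that input comes back unencoded or that an unlinked path answers, but it only sees the response, so a catch-all 200 page or output encoding applied somewhere it cannot see will change its verdict without any change to the underlying code.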

93 questions
63 votes, 16 answers

What tools are available to assess the security of a web application?

What tools are available to assess the security of a web application? Please provide a small description of what the tool does. Update: More specifically, I'm looking for tools that assume no access to the source code (black box).
45 votes, 3 answers

How does the attacker discover our server?

As titled, we discovered some unknown IP address is accessing our API Server. We have set up an AWS EC2 instance as an API server. The API server URL is only used in our mobile app. However, our mobile app has not been released yet and the API…
King Chan
35 votes, 4 answers

Why am I getting strange HTTP requests for non-existing pages?

I am running a web server and watching what people request. I have been getting frequent traffic like: GET /phph/php/ph.php HTTP/1.1 or GET /mrmr/mrm/mr.php HTTP/1.1 Are these scans? Are the clients checking if my server is already compromised…
user2738698
20 votes, 5 answers

Where can I find a solid BURP tutorial?

I'm looking for a good resource for learning/configuring BURP. I understand the concepts behind using the framework, and have read the docs on the site, but if anyone has a solid tutorial link I would love to see it. I would've made this a wiki…
mrnap
17 votes, 3 answers

Can anyone recognise this sudden influx of malformed HTTP requests?

Starting around 3 weeks ago, my site started getting a lot of strange and recurring HTTP requests from my users. I'm familiar with malicious scans, which happen on a daily basis, but these requests seem to be different, and I believe it's some…
carpii
16 votes, 4 answers

nginx - How to prevent processing requests with undefined server names with HTTPS

How do I avoid nginx processing a request with an undefined server name using the HTTPS protocol? The following configuration makes this work for normal HTTP requests. It resets the connection for requests with empty Host headers, which equals to…
binaryanomaly
16 votes, 3 answers

Are there any decent web app security scanners that can integrate with a build server?

I've spent a lot of time in TeamCity recently and the nightly code quality metrics coming from the dupe finder, FxCop and NDepend have been great. What I'd really like to do is find a decent web app security scanner which can run against the…
Troy Hunt
9 votes, 3 answers

SQL Injection: How to inject clean/REST URLs

I have a question I'm hoping you could help me with? Unclean…
9 votes, 4 answers

Can websites access computers in LAN/Localhost through browser & how to block them?

Question 1: While browsing the internet, can websites execute code through my browser that accesses websites or services hosted on localhost or the LAN? Question 2: Also, can data from intranet websites/services be scraped/hacked/stolen through code…
nptxzs
9 votes, 2 answers

Given a vulnerable JavaScript snippet from a Stack Overflow answer, how can I cheaply find websites whose authors have copied and pasted it?

Frequently, Stack Overflow answers to JavaScript questions contain XSS vulnerabilities (or vulnerabilities of other kinds). For instance, this answer with 420 upvotes and a quarter of a million views to a question about decoding HTML entities is…
Mark Amery
8 votes, 3 answers

How to know if two IP addresses point to the same web server?

Doing some testing against two IP addresses in the scope, I find one web server on each one. Both host what seems to be the same web application. They are different public (accessible through the Internet) IP addresses and there are no explicit redirects…
kinunt
6 votes, 1 answer

Does WebDAV pose an unreasonable risk in IIS7.5?

I'm looking for a bit of feedback on WebDAV, in this case running on IIS7.5. I've had an IBM Rational AppScan report come to me with a medium severity finding as a result of DAV entries in the response headers. I'm conscious WebDAV has had its…
Troy Hunt
5 votes, 2 answers

Preventing Attacks Scanning for PHPMyAdmin etc

I have a Linux web server running Rails and each time I check the Nginx logs I find attempts to access PHPMyAdmin, database and admin directories such as this: 190.196.161.110 - - [16/Oct/2011:23:37:31 +0100] "GET //PHPMyAdmin/ HTTP/1.1" 404 728 "-"…
rsl
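
An added example, written for this listing and not taken from this question, from "Why am I getting strange HTTP requests for non-existing pages?" above, or from their answers. Both questions show the same pattern: 404s for paths that belong to software the host does not run (PHPMyAdmin directories on a Rails server, `.php` files on a server with no PHP). The script below parses combined-format access-log lines and groups such hits by client address. The first sample line is modelled on the one quoted in the question; the others are constructed with RFC 5737 documentation addresses so the script runs offline. The probe-path list is a short illustrative assumption, not a complete signature set.

```python
"""Classify web-server access-log lines as scanner probes. The first sample
line is modelled on the one quoted in the question above; the rest are
constructed, with RFC 5737 documentation addresses, so the script runs offline."""
import re
from collections import defaultdict
from typing import Dict, Iterable, List, Optional, Set

# Combined log format: ip ident user [time] "method path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)

# Paths that belong to stacks this host does not run. Assumption: a short
# illustrative list, not a complete scanner signature set.
STACK_PROBES = [
    re.compile(r"phpmyadmin|myadmin|/pma/", re.I),
    re.compile(r"/wp-(admin|login|content)", re.I),
    re.compile(r"/\.(env|git|svn|htpasswd)\b"),
]
PHP_PROBE = re.compile(r"\.php$", re.I)

# Constructed sample log (first line modelled on the question's own line).
SAMPLE_LOG = """\
190.196.161.110 - - [16/Oct/2011:23:37:31 +0100] "GET //PHPMyAdmin/ HTTP/1.1" 404 728 "-" "-"
190.196.161.110 - - [16/Oct/2011:23:37:32 +0100] "GET //phpmyadmin/ HTTP/1.1" 404 728 "-" "-"
190.196.161.110 - - [16/Oct/2011:23:37:33 +0100] "GET /pma/ HTTP/1.1" 404 728 "-" "-"
203.0.113.7 - - [16/Oct/2011:23:40:01 +0100] "GET /phph/php/ph.php HTTP/1.1" 404 162 "-" "-"
203.0.113.7 - - [16/Oct/2011:23:40:02 +0100] "GET /mrmr/mrm/mr.php HTTP/1.1" 404 162 "-" "-"
198.51.100.4 - - [16/Oct/2011:23:41:10 +0100] "GET /posts/42 HTTP/1.1" 200 5120 "-" "-"
198.51.100.4 - - [16/Oct/2011:23:41:11 +0100] "GET /missing-page HTTP/1.1" 404 162 "-" "-"
""".splitlines()


def parse_line(line: str) -> Optional[Dict[str, object]]:
    """Return the fields of one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry: Dict[str, object] = dict(m.groupdict())
    entry["status"] = int(m.group("status"))
    return entry


def is_probe(entry: Dict[str, object], site_serves_php: bool = False) -> bool:
    """A 404 for a path that belongs to some other stack is a probe signature.
    Requests for .php files count only when this host does not serve PHP;
    on a PHP site they are ordinary traffic and would drown the signal."""
    if entry["status"] != 404:
        return False
    path = str(entry["path"])
    if any(p.search(path) for p in STACK_PROBES):
        return True
    return not site_serves_php and PHP_PROBE.search(path) is not None


def find_scanners(lines: Iterable[str], site_serves_php: bool = False,
                  threshold: int = 3) -> Dict[str, List[str]]:
    """Group probe hits by client address and report every address that hit
    at least `threshold` distinct probe paths. Repeated requests for the same
    path are counted once so a retrying but harmless client is not flagged."""
    hits: Dict[str, Set[str]] = defaultdict(set)
    for line in lines:
        entry = parse_line(line)
        if entry is not None and is_probe(entry, site_serves_php):
            hits[str(entry["ip"])].add(str(entry["path"]))
    return {ip: sorted(paths) for ip, paths in hits.items() if len(paths) >= threshold}


if __name__ == "__main__":
    for ip, paths in find_scanners(SAMPLE_LOG, threshold=2).items():
        print(ip, paths)
```

The ordinary visitor at 198.51.100.4 gets one 404 for a typo and is never reported; the two other addresses are reported because their 404s are for paths that only exist on a stack this server does not run. Keeping the `.php` rule conditional on `site_serves_php` is the point of the example: the same signature is noise on a PHP site and a clean signal on a Rails one.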
5 votes, 2 answers

Is it worth it to install the same web application on different kind of web servers in a vulnerability assessment?

When doing a web vulnerability assessment with tools such as Acunetix and w3af, is it worth it to install the same web application on multiple types of web servers (Apache, IIS, etc.)? If differences could be found, in the scanning results, between…
fvaliquette
5 votes, 1 answer

Burp Suite Active Scanning Wizard options

I have been making use of Burp Suite's active scanning functionality for some of my recent web application assessments and I had some questions about the active scanner's ability to remove URLs from the scan queue that have particular characteristics…