
WebCruiser Web Vulnerability Scanner Test Report

V3.4.0, made by Janusec (http://www.janusec.com)

1. Test Report
1.1. SQL Injection Test Report

Input Vector                   | Test Cases                         | Cases Count | Report | Pass Rate
-------------------------------|------------------------------------|-------------|--------|----------
GET Input Vector               | Erroneous 500 Responses            | 19          | 19     | 100%
GET Input Vector               | Erroneous 200 Responses            | 19          | 19     | 100%
GET Input Vector               | 200 Responses With Differentiation | 19          | 19     | 100%
GET Input Vector               | Identical 200 Responses            |             |        | 100%
POST Input Vector              | Erroneous 500 Responses            | 19          | 19     | 100%
POST Input Vector              | Erroneous 200 Responses            | 19          | 19     | 100%
POST Input Vector              | 200 Responses With Differentiation | 19          | 19     | 100%
POST Input Vector              | Identical 200 Responses            |             |        | 100%
GET Input Vector Experimental  | Insert / Delete / Other            |             |        | 100%
POST Input Vector Experimental | Insert / Delete / Other            |             |        | 100%
1.2. XSS Test Report

Input Vector                     | Test Cases   | Cases Count | Report | Pass Rate
---------------------------------|--------------|-------------|--------|----------
GET Input Vector                 | ReflectedXSS | 32          | 32     | 100%
POST Input Vector                | ReflectedXSS | 32          | 32     | 100%
Cookie Input Vector Experimental | ReflectedXSS |             |        | 100%
GET Input Vector Experimental    | ReflectedXSS | 11          | 11     | 100%
POST Input Vector Experimental   | ReflectedXSS | 11          | 11     | 100%
GET Input Vector Experimental    | DomXSS       |             |        | 100%
1.3. LFI Test Report

Input Vector      | Test Cases                                    | Cases Count | Report | Pass Rate
------------------|-----------------------------------------------|-------------|--------|----------
GET Input Vector  | Erroneous HTTP 500 Responses                  | 68          | 68     | 100%
GET Input Vector  | Erroneous HTTP 404 Responses                  | 68          | 68     | 100%
GET Input Vector  | Erroneous HTTP 200 Responses                  | 68          | 68     | 100%
GET Input Vector  | HTTP 302 Redirect Responses                   | 68          | 68     | 100%
GET Input Vector  | HTTP 200 Responses With Differentiation       | 68          | 68     | 100%
GET Input Vector  | HTTP 200 Responses with Default File on Error | 68          | 68     | 100%
POST Input Vector | Erroneous HTTP 500 Responses                  | 68          | 68     | 100%
POST Input Vector | Erroneous HTTP 404 Responses                  | 68          | 68     | 100%
POST Input Vector | Erroneous HTTP 200 Responses                  | 68          | 68     | 100%
POST Input Vector | HTTP 302 Redirect Responses                   | 68          | 68     | 100%
POST Input Vector | HTTP 200 Responses With Differentiation       | 68          | 68     | 100%
POST Input Vector | HTTP 200 Responses with Default File on Error | 68          | 68     | 100%
1.4. RFI Test Report

Input Vector      | Test Cases                                    | Cases Count | Report | Pass Rate
------------------|-----------------------------------------------|-------------|--------|----------
GET Input Vector  | Erroneous HTTP 500 Responses                  |             |        | 100%
GET Input Vector  | Erroneous HTTP 404 Responses                  |             |        | 100%
GET Input Vector  | Erroneous HTTP 200 Responses                  |             |        | 100%
GET Input Vector  | HTTP 302 Redirect Responses                   |             |        | 100%
GET Input Vector  | HTTP 200 Responses With Differentiation       |             |        | 100%
GET Input Vector  | HTTP 200 Responses with Default File on Error |             |        | 100%
POST Input Vector | Erroneous HTTP 500 Responses                  |             |        | 100%
POST Input Vector | Erroneous HTTP 404 Responses                  |             |        | 100%
POST Input Vector | Erroneous HTTP 200 Responses                  |             |        | 100%
POST Input Vector | HTTP 302 Redirect Responses                   |             |        | 100%
POST Input Vector | HTTP 200 Responses With Differentiation       |             |        | 100%
POST Input Vector | HTTP 200 Responses with Default File on Error |             |        | 100%
1.5. Redirect Test Report

Input Vector      | Test Cases                                 | Cases Count | Report | Pass Rate
------------------|--------------------------------------------|-------------|--------|----------
GET Input Vector  | HTTP 302 Redirect Responses                | 15          | 15     | 100%
GET Input Vector  | HTTP 200 Responses With Javascript Redirect | 15          | 15     | 100%
POST Input Vector | HTTP 302 Redirect Responses                | 15          | 15     | 100%
POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15          | 15     | 100%
1.6. False Positive Test Report

False Vuln    | Test Cases     | Cases Count | Pass Rate
--------------|----------------|-------------|----------
SQL Injection | False Positive | 10          | 100%
XSS           | False Positive |             | 100%
LFI           | False Positive |             | 100%
RFI           | False Positive |             | 100%
Redirect      | False Positive |             | 100%
Backup        | False Positive |             | 100%

2. Test Environment
2.1. Product and Test Cases
WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5
WAVSEP Environment: Windows8.1 + XAMPP (Tomcat + MySQL)
WebCruiser Web Vulnerability Scanner Enterprise Edition V3.4.0

2.2. Test Scope

This test report covers the following vulnerability classes:
SQL Injection
Cross-site Scripting (XSS)
LFI (Local File Inclusion)
RFI (Remote File Inclusion)
Redirect
Obsolete Backup
Other test cases are not included.

2.3. Test Method

To obtain the test results quickly, we used a new feature of WebCruiser Web
Vulnerability Scanner, Scan Page, which scans all links found on a page in one run.
This function requires that the links be located in the same directory or a subdirectory;
links under other directories are skipped.
To start a new page scan, click Reset Scanner to clear the previous results, navigate
to the new page, and then click ScanPage.

2.4. SQL Injection Test Details


2.4.1. GET Input Vector
Erroneous 500 Responses (19 cases)

Erroneous 200 Responses (19 cases)

200 Responses With Differentiation (19 cases)

Identical 200 Responses (8 cases)

2.4.2. POST Input Vector


Erroneous 500 Responses (19 cases)

Erroneous 200 Responses (19 cases)

200 Responses With Differentiation (19 cases)

Identical 200 Responses (xx cases)

2.4.3. GET Input Vector Experimental


Experimental 1 case

2.4.4. POST Input Vector Experimental


Experimental 1 case

2.5. XSS Test Details


2.5.1. GET Input Vector

2.5.2. POST Input Vector

2.5.3. Cookie Input Vector Experimental

2.5.4. GET Input Vector Experimental

2.5.5. POST Input Vector Experimental

2.5.6. DomXSS GET Input Vector Experimental

2.6. Other Test Details


Test details are not listed here; for the results, please refer to Chapter 1: Test Report.
http://www.janusec.com
Feb 24, 2015
