Scanner: Andiparos
Version: 1.0.6
Vendor: Compass Security AG

Tested Against WAVSEP Version:
1.5

The SQL Injection Detection Accuracy of the Scanner:
Detection Rate: 77.21% (105/136)
False Positives: 40.00% (4/10)
Response Type | Input Vector | Detection Rate | Details
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases Detected: 1 (1st & 2nd), 2-18. Cases Missed: 19
Erroneous 500 Responses | HTTP POST (Body Parameters) | 18 out of 20 | Cases Detected: 1 (1st), 2-18. Cases Missed: 1 (2nd), 19
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 19 out of 20 | Cases Detected: 1 (1st & 2nd), 2-18. Cases Missed: 19
Erroneous 200 Responses | HTTP POST (Body Parameters) | 19 out of 20 | Inconsistent results (case 19). Cases Detected: 1 (1st), 2-19. Cases Missed: 1 (2nd)
Valid 200 Responses | HTTP GET (Query String Parameters) | 13 out of 20 | Inconsistent results (minor). Cases Detected: 1 (2nd), 3, 5-8, 11-13, 15-18. Cases Missed: 1 (1st), 2, 4, 9, 10, 14, 19
Valid 200 Responses | HTTP POST (Body Parameters) | 11 out of 20 | Cases Detected: 3, 6-8, 11-13, 15-18. Cases Missed: 1 (1st & 2nd), 2, 4, 5, 9, 10, 14, 19
Identical 200 Responses | HTTP GET (Query String Parameters) | 3 out of 8 | Cases Detected: 1, 2, 3. Cases Missed: 4-8
Identical 200 Responses | HTTP POST (Body Parameters) | 3 out of 8 | Cases Detected: 1, 2, 3. Cases Missed: 4-8
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 4 out of 10 falsely flagged | Cases Falsely Flagged: 2, 4, 6, 8

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 27.27% (18/66)
False Positives: 42.86% (3/7)
Response Type | Input Vector | Detection Rate | Details
Reflected XSS | HTTP GET (Query String Parameters) | 9 out of 33 | Cases Detected: 1-6, 30 (1st & 2nd), 32. Cases Missed: 7-29, 31
Reflected XSS | HTTP POST (Body Parameters) | 9 out of 33 | Cases Detected: 1-6, 30 (1st & 2nd), 32. Cases Missed: 7-29, 31
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 3 out of 7 falsely flagged | Cases Falsely Flagged: 1, 2, 6

WAVSEP Scan Log:
The application was crawled and tested using two different methods: a single scan performed after crawling the main index page, and several individual crawl-and-scan operations performed against each individual directory.
The scanning process was performed after enabling all the plugins in the following categories: HTML Injection, SQL Injection, Miscellaneous.
The output word "SQL" seems to be a keyword in the detection process: every appearance of it causes the tool to identify the page as vulnerable (as a result, it was removed from the static HTML of all the tested pages).
The tool is still prone to various bugs, such as failure to generate reports, issues related to the alerts tab auto-refresh, and an unstable spider that sometimes requires several crawling operations.
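The keyword behaviour noted in the scan log is worth seeing concretely, because it explains both the high false-positive count and why the static HTML had to be edited before the run. The following is an added example written for this page; it is not Andiparos code and not a WAVSEP test case. The four target pages and the short list of DBMS error signatures are constructed for illustration. It contrasts a detector that flags any probed response containing the word "SQL" with a differential detector that requires an engine-specific error signature to appear in the probed response and to be absent from the un-probed baseline.

```python
import re

# Representative DBMS error signatures (an assumption of this example; real
# scanners carry far longer lists). Each is tied to a specific engine rather
# than to the bare word "SQL".
DB_ERROR_SIGNATURES = [
    re.compile(r"You have an error in your SQL syntax", re.I),             # MySQL
    re.compile(r"Unclosed quotation mark after the character string", re.I),  # MSSQL
    re.compile(r"\bORA-\d{5}\b"),                                           # Oracle
    re.compile(r"syntax error at or near", re.I),                           # PostgreSQL
]

PROBE = "'"   # single-quote probe, the classic error-based SQLi trigger


def naive_keyword_detector(baseline, probed):
    """Flag the page if 'SQL' appears anywhere in the probed response.
    This mirrors the behaviour described in the scan log: the keyword alone
    is enough, so static copy containing 'SQL' yields a false positive."""
    return "SQL" in probed


def differential_signature_detector(baseline, probed):
    """Flag only if a DBMS error signature appears in the probed response
    and was absent from the baseline (un-probed) response, so static text,
    including a quoted error message, does not trigger."""
    return any(sig.search(probed) and not sig.search(baseline)
               for sig in DB_ERROR_SIGNATURES)


# Constructed target pages: each takes the parameter value and returns the
# HTML body, standing in for how a WAVSEP-style test case would respond.
def vulnerable_mysql_case(value):
    base = "<html><body><h1>Product</h1>"
    if "'" in value:   # the unbalanced quote reaches the query
        return base + "You have an error in your SQL syntax; check the manual</body></html>"
    return base + "Item %s</body></html>" % value


def static_sql_mention_case(value):
    # Not injectable; the page merely mentions "SQL" in its static copy.
    return "<html><body>Powered by our SQL Server backend. Item %s</body></html>" % value


def static_error_text_case(value):
    # Not injectable; a help page that always quotes a MySQL error message.
    return ("<html><body>FAQ: if you see 'You have an error in your SQL syntax' "
            "contact support. Item %s</body></html>" % value)


def hardened_case(value):
    # Parameterised on the server: the quote is reflected as data, no error leaks.
    return "<html><body>Item %s</body></html>" % value


# (name, page function, actually vulnerable?)
TARGETS = [
    ("vulnerable_mysql", vulnerable_mysql_case, True),
    ("static_sql_mention", static_sql_mention_case, False),
    ("static_error_text", static_error_text_case, False),
    ("hardened", hardened_case, False),
]


def scan(detector, benign_value="1"):
    """Run one detector over every constructed target; return {name: flagged}."""
    results = {}
    for name, page, _ in TARGETS:
        baseline = page(benign_value)
        probed = page(benign_value + PROBE)
        results[name] = detector(baseline, probed)
    return results


def score(results):
    """Return (true positives, false positives) against the ground truth in TARGETS."""
    truth = {name: vuln for name, _, vuln in TARGETS}
    tp = sum(1 for n, f in results.items() if f and truth[n])
    fp = sum(1 for n, f in results.items() if f and not truth[n])
    return tp, fp


if __name__ == "__main__":
    for det in (naive_keyword_detector, differential_signature_detector):
        res = scan(det)
        print(det.__name__, res, "TP/FP:", score(res))
```

Both detectors find the one vulnerable page, but the keyword detector also flags the two non-injectable pages that merely contain the word "SQL", which is exactly the effect that forced the tester to strip that word from the static HTML. The differential detector needs no such editing, because static text is identical in the baseline and probed responses and therefore never counts as evidence.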

Updated Obsolete File Scans:
Plugins used: "Obsolete file", "Obsolete file extended check", "directory browsing".
Scan process: used the spider twice on the obsolete files root directory, scanned twice from the obsolete files root directory, and once more from WAVSEP's root directory (so the scanner would have a chance to detect WEB-INF compressed folders).

Updated Unvalidated Redirect Scan:
Plugins used: "External Redirect".
Scan process: I limited the spider and scanner to run with only a single thread.
Executed the spider on all the directories twice, but for some reason it didn't locate all the files and requests, so I manually submitted all the missing requests and accessed all the missing files.
After verifying that all the files existed in each directory, I executed the scanner on each directory separately, and twice, before counting the results.

The WIVET Score of the Scanner:
WIVET Score: 10.0%

WIVET Scan Log:
Initialized WIVET's session, limited the spider to a single thread and the depth to the maximum, defined the upstream proxy as Fiddler (in which I used the filter features to define a valid session identifier), and finally edited menu.php in WIVET to exclude the logout URL (100.php).

Copyright © 2010-2016 by Shay Chen. All rights reserved.