ScannerVersionVendor
Scrawlr1.0HP Application Security Center

Tested Against WAVSEP Version:
1.0

The SQL Injection Detection Accuracy of the Scanner:
Detection AccuracyChart
13.24% Detection Rate
0.00% False Positives		(18/136)
(0/10)
Response TypeInput VectorDetection RateDetails
Errorneous 500 ResponsesHTTP GET (Query String Parameters)9 out of 20Cases Detected: 1(1st&2nd),2,3,7,8,11-13 Cases Missed: 4-6,9,10,14-19
Errorneous 500 ResponsesHTTP POST (Body Parameters)0 out of 20POST values are not covered by this tool
Errorneous 200 ResponsesHTTP GET (Query String Parameters)9 out of 20Cases Detected: 1(1st&2nd),2,3,7,8,11-13 Cases Missed: 4-6,9,10,14-19
Errorneous 200 ResponsesHTTP POST (Body Parameters)0 out of 20POST values are not covered by this tool
Valid 200 ResponsesHTTP GET (Query String Parameters)0 out of 20Cases Missed: 1-19
Valid 200 ResponsesHTTP POST (Body Parameters)0 out of 20POST values are not covered by this tool
Identical 200 ResponsesHTTP GET (Query String Parameters)0 out of 8Cases Missed: 1-8
Identical 200 ResponsesHTTP POST (Body Parameters)0 out of 8POST values are not covered by this tool
False Positive SQLi Test CasesHTTP GET (Query String Parameters)0 out of 10None
WAVSEP Scan Log:
I executed the scanner in front of the following URLs:
http://192.168.1.100:8080/wavsep/index-sql.jsp
http://192.168.1.100:8080/wavsep/index-false.jsp
The scanner successfully crawled all URLs.


Copyright © 2010-2016 by Shay Chen. All rights reserved.
Click here to learn how this information may be published or reused.