Scanner: N-Stalker 2009 Free Edition
Version: 7.0.0.223
Vendor: N-Stalker

Tested Against WAVSEP Version:
1.0

The Reflected XSS Detection Accuracy of the Scanner:
60.61% Detection Rate (40/66)
0.00% False Positives (0/7)

Response Type | Input Vector | Detection Rate | Details
Reflected XSS | HTTP GET (Query String Parameters) | 20 out of 33 | Cases Detected: 1-3,5-6,16-19,22-30(1st&2nd); Cases Missed: 4,7-15,20,21,31,32
Reflected XSS | HTTP POST (Body Parameters) | 20 out of 33 | Cases Detected: 1-3,5-6,16-19,22-30(1st&2nd); Cases Missed: 4,7-15,20,21,31,32
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None

WAVSEP Scan Log:
I initiated the scan with the "Cross Site Scripting Only" policy, activated the optimize button, optimized the scan for J2EE, defined the spider "max per node" feature as 64 and initiated the scan on the following URLs:
http://localhost:8080/wavsep/RXSS-Detection-Evaluation-GET/index.jsp
http://localhost:8080/wavsep/RXSS-Detection-Evaluation-POST/index.jsp
http://localhost:8080/wavsep/index-false.jsp
The scanner successfully crawled all the URLs.


Copyright © 2010-2016 by Shay Chen. All rights reserved.