Scanner | Version | Vendor |
iScan | 0.1 | Simone Margaritelli |
Tested Against WAVSEP Version: |
Detection Accuracy | Chart |
0.00% Detection Rate 0.00% False Positives | (0/136) (0/10) |
Response Type | Input Vector | Detection Rate | Details |
Erroneous 500 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Erroneous 500 Responses | HTTP POST (Body Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Erroneous 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Erroneous 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Valid 200 Responses | HTTP GET (Query String Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Valid 200 Responses | HTTP POST (Body Parameters) | 0 out of 20 | The tool did not manage to scan URLs with upper case characters. |
Identical 200 Responses | HTTP GET (Query String Parameters) | 0 out of 8 | The tool did not manage to scan URLs with upper case characters. |
Identical 200 Responses | HTTP POST (Body Parameters) | 0 out of 8 | The tool did not manage to scan URLs with upper case characters. |
False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | The tool did not manage to scan URLs with upper case characters. |
Detection Accuracy | Chart |
0.00% Detection Rate 0.00% False Positives | (0/66) (0/7) |
Response Type | Input Vector | Detection Rate | Details |
Reflected XSS | HTTP GET (Query String Parameters) | 0 out of 33 | The tool did not manage to scan URLs with upper case characters. |
Reflected XSS | HTTP POST (Body Parameters) | 0 out of 33 | The tool did not manage to scan URLs with upper case characters. |
False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | The tool did not manage to scan URLs with upper case characters. |
The tool was not able to scan non-standard ports for some reason (8080), so I defined the web site as an upstream proxy in Burp (192.168.46.2:8080) and Burp as an outgoing proxy in Burp.

The following URLs were scanned using iScan (through Burp):
http://localhost/wavsep/index-sql.jsp
http://localhost/wavsep/index-xss.jsp
http://localhost/wavsep/index-false.jsp

The scanner was not able to scan the application, and always declared that the scanned URL was not found, so I investigated further and found the problem: it seems that the scanner did not support any upper-case URLs and, in fact, sent URLs only in lower-case format, a behavior that caused my Tomcat server to respond with 404 messages. As a result, I have decided that in its current condition, this tool could not be used to test a wide range of technologies, and thus, I will postpone its assessment to future benchmarks.