|N-Stalker 2012 Free Edition||10.13.11.31||b31||N-Stalker|
|Tested Against WAVSEP Version:|
|95.45% Detection Rate|
0.00% False Positives
| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 32 out of 33 | Detected: 1-30(1st&2nd),32; Missed: 31; RXSS-Experimental-GET: 1,3,4 (Previously Detected: 1-5,30(1st&2nd),32) |
| Reflected XSS | HTTP POST (Body Parameters) | 31 out of 33 | Detected: 1-8,10-30(1st&2nd),32 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
Prior to testing, I updated my N-Stalker 2012 free edition to the latest version (31 December, 2013), and also updated the various tool databases to their latest version. I started a new scan with a custom XSS policy and also used the Full XSS Assessment Scan policy to separately scan each of the XSS-vulnerable directories in WAVSEP.
I tried scanning using various configurations, with and without optimizations.
The tool was limited to scanning 500 URLs in one scan, and also produced better results when scanning each directory individually.
|16.0% Detection Rate|
Initialized WIVET's session, defined Fiddler as an outgoing proxy and defined a valid session identifier in Fiddler