| Scanner | Version | Vendor |
|---|---|---|
| Netsparker Cloud | 2015-06-16 | Netsparker Ltd |

Tested Against WAVSEP Version:
Detection Accuracy (SQL injection test cases): 100.00% Detection Rate (136/136), 0.00% False Positives (0/10)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19. Detected prior to bugfix: 1(1st&2nd)-3, 4, 5-7, 9, 11-17, 19; inconsistent detection of cases 4 and 9. Previously detected: 1(1st), 3, 4, 6-17, 19 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 20 out of 20 | Detected: 1(1st&2nd), 2-19. Detected prior to bugfix: 1(1st&2nd)-6, 8-17, 19; inconsistent detection of cases 14 and 9. Previously detected: 1(1st), 2-6, 8-13, 15-17, 19 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 8 out of 8 | Detected: 1-8 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 8 out of 8 | Detected: 1-8 |
| False Positive SQLi Test Cases | HTTP GET (Query String Parameters) | 0 out of 10 | None |
Detection Accuracy (Reflected XSS test cases): 100.00% Detection Rate (66/66), 0.00% False Positives (0/7)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Reflected XSS | HTTP GET (Query String Parameters) | 33 out of 33 | Detected: 1-30(1st&2nd), 31, 32. GET-Experimental: 1, 3, 4, 7-11 |
| Reflected XSS | HTTP POST (Body Parameters) | 33 out of 33 | Detected: 11-30(1st&2nd), 31, 32. POST-Experimental: 1, 3, 7-11 |
| False Positive RXSS Test Cases | HTTP GET (Query String Parameters) | 0 out of 7 | None |
Detection Accuracy (LFI test cases): 94.36% Detection Rate (770/816), 0.00% False Positives (0/8)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 47, 48, 53-56, 58, 60, 62-64 |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 47, 48, 53-56, 58, 60, 62-64 |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 65 out of 68 | Detected: 1-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Valid 200 Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 47, 48, 53-56, 58, 60, 62-64 |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 65 out of 68 | Detected: 1-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Identical 200 Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 47, 48, 53-56, 58, 60, 62-64 |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-30, 39, 48, 53-56, 58, 60, 62-64 |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-17, 21, 24, 25, 28, 37-40, 42, 44, 46-48, 53-56, 58, 60, 62-64 |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 64 out of 68 | Detected: 1-3, 5-7, 9-36, 38-52, 54-68. Previously detected: 1-17, 21, 24, 25, 28, 47, 48, 53, 55, 56, 58, 60, 62-64 |
| False Positive LFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 8 | None |
Detection Accuracy (RFI test cases): 100.00% Detection Rate (108/108), 0.00% False Positives (0/6)

| Response Type | Input Vector | Detection Rate | Details |
|---|---|---|---|
| Erroneous 500 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Erroneous 500 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Erroneous 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Erroneous 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Valid 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Valid 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Identical 200 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Identical 200 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Redirect (302) Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Redirect (302) Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Erroneous 404 Responses | HTTP GET (Query String Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1, 3, 4 (as LFI) |
| Erroneous 404 Responses | HTTP POST (Body Parameters) | 9 out of 9 | Detected: 1-9. Previously detected: 1 (as LFI) |
| False Positive RFI Test Cases | HTTP GET (Query String Parameters) | 0 out of 6 | None |
I used Netsparker Cloud in a point-and-shoot process, in which I scanned the directories of individual vulnerabilities individually, while comparing the results to an all-out WAVSEP scan and full scans of all directories of each individual vulnerable attack vector (measuring result consistency).

I tested the various vulnerable pages with standard policies, attack-specific custom policies and a WAVSEP-specific policy provided by the vendor. Custom attack policies and WAVSEP-specific policies seemed to perform better on WAVSEP. While defining custom policies, I used the vendor-recommended WAVSEP configuration which is available online. In addition to disabling the URL Rewrite detection, in the configuration I enabled the Wait Resource Finder, Text Parser, Fallback To Get and Analyze Javascript / AJAX options under the Crawling section, set the Max 404 pages to attack to 250, set the directory name under the common directory value to 150, enabled the Simulate All feature in the Open Redirection section, and enabled the Bypass Scope for Static Checks feature under the Scope section.
Detection Accuracy (WIVET): 91.0% Detection Rate
I initialized WIVET's session, selected a custom passive analysis policy and defined the scanner to use the following crawl attributes: Crawling Page Limit 7500, enabled Wait Resource Finder, enabled Text Parser, enabled Fallback to GET, enabled Analyze Javascript/AJAX.

I also defined a valid session identifier and excluded the logout URL (logout.php, 100.php), even though I had already removed it manually from one of the WIVET testbeds used.