Scanner: AppSpider
Version: 6.0
Build: 773/778
Vendor: Rapid7

Tested Against WAVSEP Version: 1.5

Product Details:
Columns: Accurate Version, License / Technology, Last Update, Source Code Activity
Accurate Version: 6.0 (GA), Build 773/778
License / Technology: Commercial, Java 1.6.x
Last Update: 01-11-2013

General Features:
Columns: GUI, Config, Usage, Stability, Performance, Report, ScanLog, Pause, Session
Config: Very Simple
Usage: Very Simple
Stability: Stable
Performance: Fast

Authentication, Control and Connection Features:
Columns: Custom Cookie, Custom Header, BASIC, DIGEST, NTLM, NTLMv2, KERBEROS, FORM, PROXY, GZIP, DEFLATE, SSL, CERT, Logout Detection, Exclude Logout, Exclude URL, Exclude Param

Coverage Features:
Columns: Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass
COUNT: 11

Input Vector Support:
Columns: GET, POST, COOKIE, HEADER, SECRET, PName, XML, XmlATT, XmlTAG, JSON, .NetENC, AMF, JavaSER, .NetSER, WCF, WCF-Bin, WebSock, DWR, Custom
COUNT: 16

Audit Features:
Columns: SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPATHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSION FIXATION, CSRF, ADoS
COUNT: 19

Complementary Audit Features:
Columns: WebServer Hardening, CGI Scanning, Dir & File Enumeration, Passive Analysis, Additional Features
Additional Features: URL attack vector, Ajax & SOAP Scan, External manual crawling (via burp/paros log), Crawling & verification via multiple browser engines (IE, Firefox), Advanced form submitting engine, Report-integrated exposure verification applet, WAF rule generation.

The SQL Injection Detection Accuracy of the Scanner:
Detection Rate: 97.06% (132/136)
False Positives: 0.00% (0/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 100.00% (66/66)
False Positives: 0.00% (0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 81.13% (662/816)
False Positives: 12.50% (1/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 79.63% (86/108)
False Positives: 0.00% (0/6)

The WIVET Score of the Scanner:
WIVET Score: 94.00% Detection Rate

Additional Audit Features:
SSL Strength, Credential Brute Force / Dictionary Attacks (Form/Http), Business Logic Abuse Attacks, XST, Directory Indexing, Parameter Analysis, Basic flash/java analysis, Malicious frame/script analysis, Java Grinder, Reverse Proxy.

Overview:
The tool creates an application map that the customer can use to inspect the test scope. The next major release of NTO (v6.x) is supposed to include AMF support and improved AJAX crawling. Future plans include Chrome crawling / exposure verification. The tool currently does not provide VBs exploitation payloads for XSS.


Copyright © 2010-2016 by Shay Chen. All rights reserved.