Scanner: IBM AppScan
Version: 9.0.0.999 / 8.8.0.0
Build: 466
Vendor: IBM Security Systems Division

Tested Against WAVSEP Version: 1.5

Product Details:
Accurate Version: 9.0.0.999 / 8.8.0.0 (GA), Build 466
License / Technology: Commercial, .Net 4.0
Last Update: 11-12-2013
Source Code Activity: (none listed)

General Features:
Config: Simple
Usage: Simple
Stability: Very Stable
Performance: Fast
GUI, Report, Scan Log, Pause, Session: (support marks not present in the extracted text)

Authentication, Control and Connection Features:
Columns (per-feature support marks not present in the extracted text): Custom Cookie, Custom Header, BASIC, DIGEST, NTLM, NTLMv2, KERBEROS, FORM, PROXY, GZIP, DEFLATE, SSL CERT, Logout Detection, Exclude Logout, Exclude URL, Exclude Param

Coverage Features:
COUNT: 11
Columns (per-feature support marks not present in the extracted text): Manual Crawl, URL File, Html Crawler, Ajax Crawler, Flash Crawler, Applet Crawler, Silverlight Crawler, WSDL Crawler, REST Crawler, Field Autofill, Smart Autofill, Anti CSRF Support, Viewstate Support, CAPTCHA Bypass, WAF Bypass

Input Vector Support:
COUNT: 17
Columns (per-vector support marks not present in the extracted text): GET, POST, COOKIE, HEADER, SECRET, PName, XML, XmlATT, XmlTAG, JSON, .NetENC, AMF, JavaSER, .NetSER, WCF, WCF-Bin, WebSock, DWR, Custom

Audit Features:
COUNT: 30
Columns (per-feature support marks not present in the extracted text): SQLi, BSQLi, SSJSi, RXSS, PXSS, DXSS, JSONh, LFI, RFI, CMDExec, UPLOAD, REDIRECT, CRLFi, LDAPi, XPATHi, MXi, SSI, FORMATi, CODEi, XMLi, ELi, BUFFERo, INTEGERo, CODEDisc, BACKUPf, PADDING, AUTHb, PRIVe, XXE, SESSIONFIXATION, CSRF, ADoS

Complimentary Audit Features:
Columns (per-feature support marks not present in the extracted text): WebServer Hardening, CGI Scanning, Dir & File Enumeration, Passive Analysis, Additional Features (listed in the Additional Features section below)

The SQL Injection Detection Accuracy of the Scanner:
Detection Rate: 100.00% (136/136)
False Positives: 0.00% (0/10)

The Reflected XSS Detection Accuracy of the Scanner:
Detection Rate: 100.00% (66/66)
False Positives: 0.00% (0/7)

The Path Traversal / Local File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 100.00% (816/816)
False Positives: 0.00% (0/8)

The Remote File Inclusion Detection Accuracy of the Scanner:
Detection Rate: 100.00% (108/108)
False Positives: 0.00% (0/6)

The WIVET Score of the Scanner:
WIVET Score: 92.00% (Detection Rate)

Additional Audit Features:
The Session Id Analysis is implemented within Appscan Powertools, Null Byte, Parameter Tampering (eShopLifting, Debug Mode, Boolean Parameters), Range Restriction Bypass, HTML5 Attacks (HTML5 SQLi, Client Command Execution, Client Side Open Redirect), Flash Specific Attacks (XSF, XSS via Flash, Flash Permissions, Phishing via Flash), XML Specific Attacks (XXE - XML External Entity, SOAP Array Overflow), Account Lockout, Floating Point DoS, Code Injection (Perl, Partial PHP)

Additional Features:
Custom HTTP Location Attack Vector, Restful Param Support, Manual Configuration for AntiCSRF Token Support*, Indirect login CAPTCHA support through the "prompt login" feature, JS / Flash Parsing & Execution, Kerberos authentication support

Overview:
Flash AMF Scanning, Web Services Scanning, Runtime Analysis (GlassBox), Javascript Security Analysis (JSA), Credential Enumeration, Multiphase operation support (manual & automatic), External Integration for exploitation tools, Web Malware Analysis & Detection (Pattern & Behavioral Analysis), Certain WAFs create rules automatically from AppScan reports


Copyright © 2010-2016 by Shay Chen. All rights reserved.