N-Stalker Web Application Security Scanner 2006 is a suite of Web security assessment checks against various vulnerabilities and attacks. The tool carries out assessment checks in three different stages: Development and QA; Infrastructure & Deploy; and Audit & Pen-test analysis.
The Development and QA profile is useful for discovering vulnerabilities during the development phase. It tests Web applications for common vulnerabilities such as XSS and SQL injection, Buffer Overflow and Parameter Tampering.
The Infrastructure & Deploy profile scans your Web server infrastructure using its Web Attack Signatures database and can be helpful in detecting vulnerabilities and fixing them during deployment. In the Audit & Pen-test profile, the tool audits your production-level Web applications and Web server by periodically combining the component-oriented Web Application Security Assessment and the 'N-Stealth HTTP Vulnerabilities Database.'
Applies To: Web security managers
Price: Enterprise Edition: $699 for single IP license for 1 year
USP: A suite of security assessment checks for Web Apps
Primary Link: www.nstalker.com
Google Keywords: Web security assessment
Each profile offers many policies, which can be chosen according to the scan you want to perform. You can also create your own policies or edit the existing ones. You can use N-Stalker to scan a single Web server, an IP range or simply the Web app files. It checks Web apps for custom design errors, cookie exposure, Web server exposure, file and directory exposure, confidentiality exposure and Web signature attacks. Its Report Manager can compare all scan reports, which can be saved in HTML, RTF and PDF formats.
Using N-Stalker
To perform a scan, click on 'Scan wizard' in the main window and then on Infrastructure/Deploy Scan. Next, it will ask you to choose a policy. Here choose 'Complete Web Server Pen-test' and provide the URL of the Web application you want to scan. Click on 'Start Scan' to start the Pen-test. In the new window, click on Play to start the scan. While the scan is in progress, you can see statistical details, details of objects found and the various logs. Once the scan is over, click on the Events List tab.
Here you can see details about vulnerabilities found during the test. When you click on a vulnerability, details such as Bugtraq ID, vulnerability class, level of severity, online references of the vulnerability and solutions are shown. To see the request and response details of the vulnerability found, click on 'See Request Details.' A new window will open where you can see HTTP request and response details in Text, Browser, and Hex View of the vulnerability.
[Screenshot caption: Once a vulnerability has been found, N-Stalker cautions you about its effects and provides Web references for the threat.]
In the Events List you can also see information about the objects found on the website: Scripts, Web Forms, E-mails, Broken Pages, etc. After the scanning is over, N-Stalker will ask whether you want to generate reports. If yes, it will generate the reports and also open the Report Manager where they can be viewed.
Source: PCQuest