  • Repost: WebCruiser Web Vulnerability Scanner 3 Evaluation

    WebCruiser is a web vulnerability scanner focused on high-risk flaws. Compared with other large scanners, its distinguishing feature is that focus: a scan can be limited to a specified vulnerability type, a specified URL or a specified page, and of course it can also scan a whole site. Starting with version 3.0 it has been evaluated against WAVSEP (the scanner evaluation project) v1.5 and covers 100% of the SQL injection and cross-site scripting test cases.

    WebCruiser Security Scanner User Manual V3 download

    View online:

    http://www.docin.com/p-1059883525.html


    WebCruiser Web Vulnerability Scanner 3 Test Report


    1.  Test Report

    1.1. SQL Injection Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
    | GET Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
    | GET Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
    | GET Input Vector | Identical 200 Responses | 8 | 8 | 100% |
    | POST Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
    | POST Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
    | POST Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
    | POST Input Vector | Identical 200 Responses | 8 | 8 | 100% |
    | GET Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |
    | POST Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |

    1.2. XSS Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Reflected XSS | 32 | 32 | 100% |
    | POST Input Vector | Reflected XSS | 32 | 32 | 100% |
    | Cookie Input Vector - Experimental | Reflected XSS | 1 | 1 | 100% |
    | GET Input Vector - Experimental | Reflected XSS | 11 | 11 | 100% |
    | POST Input Vector - Experimental | Reflected XSS | 11 | 11 | 100% |
    | GET Input Vector - Experimental | DOM XSS | 4 | 4 | 100% |

    1.3. LFI Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
    | GET Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
    | GET Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
    | GET Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
    | GET Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
    | GET Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
    | POST Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
    | POST Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |

    1.4. RFI Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
    | GET Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
    | GET Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
    | GET Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
    | GET Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
    | GET Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
    | POST Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
    | POST Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |

    1.5. Redirect Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
    | GET Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
    | POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |

    1.6. False Positive Test Report

    | False Vuln | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | SQL Injection | False Positive | 10 | 0 | 100% |
    | XSS | False Positive | 7 | 0 | 100% |

    2.  Test Environment

    2.1. Product and Test Cases

    WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

    WAVSEP Environment: Windows 8.1 + XAMPP (Tomcat + MySQL)

    WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0

    2.2. Test Scope

    This test report includes the following vulnerabilities:

    •  SQL Injection
    •  Cross-site Scripting (XSS)
    •  LFI (Local File Inclusion)
    •  RFI (Remote File Inclusion)
    •  Redirect

    Other test cases are not included.

    2.3. Test Method

    In order to get the test results quickly, we use a new feature of WebCruiser Web Vulnerability Scanner, “Scan Page”, which scans all links in a page in one run. This function requires that the links be located in the same directory as the page or in a subdirectory of it; links under other directories are skipped.

    To start a new page scan, click “Reset Scanner” to clear the previous results, navigate to the new page, and then click “ScanPage”.
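    The "same directory or subdirectory" scope rule described above, written out as a small link filter (an added example, not WebCruiser's code). It assumes the rule also requires the same scheme and host as the starting page, and the host names in the comments are constructed.

```python
"""Scope filter for a "Scan Page"-style crawl (added example, not WebCruiser's).

Assumed rule: a link is in scope only when it resolves to the same scheme and
host as the starting page and its path lies in the page's directory or a
subdirectory of it. Everything else is skipped.
"""
from posixpath import normpath
from urllib.parse import urljoin, urlsplit


def base_directory(page_url: str) -> str:
    """Return the normalised directory of the page, always ending with '/'."""
    path = urlsplit(page_url).path or "/"
    directory = path if path.endswith("/") else path.rsplit("/", 1)[0] + "/"
    # normpath collapses "." and ".." segments so a link such as
    # "/app/../other/" cannot escape the directory by traversal; re-add '/'.
    norm = normpath(directory)
    return norm if norm.endswith("/") else norm + "/"


def in_scope(page_url: str, link: str) -> bool:
    """True if `link` (absolute or relative) should be scanned from `page_url`."""
    page = urlsplit(page_url)
    # Resolve relative links against the page, as a browser would.
    target = urlsplit(urljoin(page_url, link))
    # Only http(s) links, and only the page's own scheme and host[:port].
    # This also drops "mailto:", "javascript:" and protocol-relative "//host/".
    if target.scheme not in ("http", "https"):
        return False
    if (target.scheme, target.netloc.lower()) != (page.scheme, page.netloc.lower()):
        return False
    # Normalise the link path, then require the page directory as a prefix.
    # The trailing '/' on the base stops "/app/" from matching "/application/".
    link_path = normpath(target.path or "/")
    if target.path.endswith("/") and not link_path.endswith("/"):
        link_path += "/"
    base = base_directory(page_url)
    return link_path == base.rstrip("/") or link_path.startswith(base)


if __name__ == "__main__":
    # Constructed example host and paths, not real WAVSEP URLs.
    page = "http://scanner-lab.local:8080/wavsep/active/index.jsp"
    for link in ("Case01.jsp?x=1", "sub/Case02.jsp", "../passive/index.jsp",
                 "/wavsep/active/../other/x.jsp", "//evil.local/wavsep/active/"):
        print(f"{link!r:40} in scope: {in_scope(page, link)}")
```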

    The original test report is available at: http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf

  • Original article: https://www.cnblogs.com/-U2-/p/4258408.html