  • Repost: WebCruiser Web Vulnerability Scanner 3 Evaluation

    WebCruiser is a web vulnerability scanner focused on high-risk vulnerabilities. Compared with other large scanners, its distinguishing feature is that it concentrates on high-risk issues and can be restricted to scanning only specified vulnerability types, only a specified URL, or only a specified page; a full-site scan is of course also available. Since version 3.0 it has been evaluated against WAVSEP (the scanner evaluation project) v1.5 and covers 100% of the SQL injection and cross-site scripting test cases.

    WebCruiser Security Scanner User Manual V3 download

    View online:

    http://www.docin.com/p-1059883525.html


    WebCruiser Web Vulnerability Scanner 3 Test Report


    1.  Test Report

    1.1. SQL Injection Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
    | GET Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
    | GET Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
    | GET Input Vector | Identical 200 Responses | 8 | 8 | 100% |
    | POST Input Vector | Erroneous 500 Responses | 19 | 19 | 100% |
    | POST Input Vector | Erroneous 200 Responses | 19 | 19 | 100% |
    | POST Input Vector | 200 Responses With Differentiation | 19 | 19 | 100% |
    | POST Input Vector | Identical 200 Responses | 8 | 8 | 100% |
    | GET Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |
    | POST Input Vector - Experimental | Insert / Delete / Other | 1 | 1 | 100% |

    1.2. XSS Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | ReflectedXSS | 32 | 32 | 100% |
    | POST Input Vector | ReflectedXSS | 32 | 32 | 100% |
    | Cookie Input Vector - Experimental | ReflectedXSS | 1 | 1 | 100% |
    | GET Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
    | POST Input Vector - Experimental | ReflectedXSS | 11 | 11 | 100% |
    | GET Input Vector - Experimental | DomXSS | 4 | 4 | 100% |

    1.3. LFI Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
    | GET Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
    | GET Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
    | GET Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
    | GET Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
    | GET Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 500 Responses | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 404 Responses | 68 | 68 | 100% |
    | POST Input Vector | Erroneous HTTP 200 Responses | 68 | 68 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 68 | 68 | 100% |
    | POST Input Vector | HTTP 200 Responses With Differentiation | 68 | 68 | 100% |
    | POST Input Vector | HTTP 200 Responses with Default File on Error | 68 | 68 | 100% |

    1.4. RFI Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
    | GET Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
    | GET Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
    | GET Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
    | GET Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
    | GET Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 500 Responses | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 404 Responses | 9 | 9 | 100% |
    | POST Input Vector | Erroneous HTTP 200 Responses | 9 | 9 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 9 | 9 | 100% |
    | POST Input Vector | HTTP 200 Responses With Differentiation | 9 | 9 | 100% |
    | POST Input Vector | HTTP 200 Responses with Default File on Error | 9 | 9 | 100% |

    1.5. Redirect Test Report

    | Input Vector | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | GET Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
    | GET Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |
    | POST Input Vector | HTTP 302 Redirect Responses | 15 | 15 | 100% |
    | POST Input Vector | HTTP 200 Responses With Javascript Redirect | 15 | 15 | 100% |

    1.6. False Positive Test Report

    | False Vuln | Test Cases | Cases Count | Report | Pass Rate |
    |---|---|---|---|---|
    | SQL Injection | False Positive | 10 | 0 | 100% |
    | XSS | False Positive | 7 | 0 | 100% |

    2.  Test Environment

    2.1. Product and Test Cases

    WAVSEP (Web Application Vulnerability Scanner Evaluation Project) v1.5

    WAVSEP Environment: Windows8.1 + XAMPP (Tomcat + MySQL)

    WebCruiser Web Vulnerability Scanner Enterprise Edition V3.1.0

    2.2. Test Scope

    This test report includes the following vulnerabilities:

    •  SQL Injection
    •  Cross-site Scripting (XSS)
    •  LFI (Local File Inclusion)
    •  RFI (Remote File Inclusion)
    •  Redirect

    Other test cases are not included.

    2.3. Test Method

    To obtain the test results quickly, we used a new feature of WebCruiser Web Vulnerability Scanner called “Scan Page”, which scans all links found on a page in one pass. This function requires that the links are located in the same directory as the page or in one of its subdirectories; links under other directories are skipped.

    To start a new page scan, click “Reset Scanner” to clear the previous results, navigate to the new page, and then click “ScanPage”.
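As an added example (not part of the original report and not WebCruiser's own code), here is a Python link-scope check that implements the rule stated above: a link is scanned only when it resolves to the same origin and to the page's directory or one of its subdirectories; anything else is skipped. The page URL and link list are constructed for illustration, and the handling of dot segments and directory boundaries is my assumption about how such a check should behave, not a description of WebCruiser's implementation.

```python
from posixpath import normpath
from urllib.parse import urljoin, urlsplit


def page_directory(url: str) -> str:
    """Directory of a page URL with trailing slash: '/a/b/x.jsp' -> '/a/b/'."""
    path = urlsplit(url).path or "/"
    return path if path.endswith("/") else path.rsplit("/", 1)[0] + "/"


def in_scan_scope(page_url: str, link: str) -> bool:
    """True if `link` (absolute or relative) resolves to the same origin as the
    page and lies in the page's directory or one of its subdirectories."""
    page = urlsplit(page_url)
    target = urlsplit(urljoin(page_url, link))
    if (target.scheme, target.netloc) != (page.scheme, page.netloc):
        return False  # different scheme or host:port is out of scope
    # Collapse '.' and '..' so '../other/x.jsp' cannot pass a prefix check
    # (percent-encoded dot segments are not decoded here).
    path = normpath(target.path or "/")
    if target.path.endswith("/") and not path.endswith("/"):
        path += "/"  # normpath drops the trailing slash; keep directory form
    # base ends with '/', so the prefix check stops at a directory boundary:
    # '/wavsep/active/SQLi-old/' does not match base '/wavsep/active/SQLi/'.
    return path.startswith(page_directory(page_url))


def split_links(page_url: str, links: list) -> tuple:
    """Partition links into (scanned, skipped) as a directory-scoped page scan would."""
    scanned = [l for l in links if in_scan_scope(page_url, l)]
    skipped = [l for l in links if not in_scan_scope(page_url, l)]
    return scanned, skipped


# Constructed sample (illustrative paths and case names, not real WAVSEP files).
PAGE = "http://localhost:8080/wavsep/active/SQLi/index.jsp"
LINKS = [
    "Case01.jsp?id=1",                                            # same directory
    "GET/Case02.jsp?id=1",                                        # subdirectory
    "/wavsep/active/SQLi/POST/Case03.jsp",                        # absolute path, subdirectory
    "../XSS/index.jsp",                                           # parent directory: skipped
    "/wavsep/active/SQLi-old/Case04.jsp",                         # sibling dir sharing a prefix: skipped
    "http://localhost:8080/wavsep/active/SQLi/../../index.jsp",   # dot segments climb out: skipped
    "https://localhost:8080/wavsep/active/SQLi/Case05.jsp",       # different scheme: skipped
    "http://example.org/wavsep/active/SQLi/Case06.jsp",           # different host: skipped
]

if __name__ == "__main__":
    scanned, skipped = split_links(PAGE, LINKS)
    print("scanned:", scanned, "\nskipped:", skipped)
```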

    The original test report is available at: http://www.janusec.com/download/WebCruiser_Web_Vulnerability_Scanner_Test_Report.pdf

  • Original article: https://www.cnblogs.com/-U2-/p/4258408.html