Core Security
Core WebVerify Web Application Security Testing Software

WebVerify Web Application Vulnerability Coverage

Core WebVerify enables you to proactively identify and validate the most prevalent application security threats today, including key OWASP Top Ten web application threats plus other common vulnerabilities. With WebVerify, you can regularly and safely test web applications against actual data breach attempts, without requiring advanced technical skills.

OWASP Top 10 Vulnerabilities

WebVerify Testing Capabilities

A1. SQL Injection

  • Safely identify both traditional and blind SQL injection vulnerabilities
  • Dynamically create and inject SQL queries in an attempt to access the database
  • Interact with the compromised database

A1. OS Command Injection

  • Detect and exploit OS Command Injection weaknesses in web applications
  • Reveal the implications of a breach by taking control of the web server

A2. Cross-Site Scripting (XSS)

Identify and exploit GET- and POST-based XSS vulnerabilities, including:

  • URL-based, reflective XSS
  • Persistent (or stored) XSS
  • XSS in dynamic Adobe Flash objects

A3. Broken Authentication and Session Management

Guess usernames and passwords.

A4. Insecure Direct Object References

Identify, search and follow hidden pages, backup/old pages, and robots.txt files.

A5. Cross-Site Request Forgery (CSRF)

  • Identify CSRF weaknesses in web applications
  • Replicate CSRF attacks to demonstrate exploitability

A6. Security Misconfiguration 

Leverage multi-vector testing to identify security misconfiguration issues across:

  • Web applications
  • Web servers
  • Backend network environments

A7. Insecure Cryptographic Storage 

  • Identify unencrypted data upon successfully accessing a SQL database
  • Identify exposed credit card numbers, social security numbers and email addresses
  • Define custom searches for other types of sensitive data

A8. Failure to Restrict URL Access 

Access admin, backup and old pages via authenticated and unauthenticated sessions.

A9. Insufficient Transport Layer Protection

  • Flag weak encryption in HTTPS-secured sites

A10. Unvalidated Redirects and Forwards

  • Identify applications that redirect and forward without proper validation
  • Demonstrate how an attacker could redirect victims to malicious sites

 

Other Vulnerabilities

 

Remote and Local File Inclusion for PHP

Manipulate PHP templates in an attempt to retrieve commands from the web server.

WebDAV Configuration Weaknesses

Detect and exploit poorly configured WebDAV implementations.