Advantages of using AcuSensor Technology
- Ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query.
- Allows you to locate and fix the vulnerability faster because of the ability to provide more information about the vulnerability, such as source code line number, stack trace, affected SQL query, etc.
- Significantly reduces false positives when scanning a website because it understands the behavior of the web application better.
- Can alert you of web application configuration problems which could result in a vulnerable application or expose sensitive information. E.g. If ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
- It can advise you how to better secure your web application and web server settings, e.g. if write access is enabled on the web server.
- Detects many more SQL injection vulnerabilities. Previously SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques.
- Ability to detect SQL Injection vulnerabilities in all SQL statements, including in SQL INSERT statements. With a black box scanner such SQL injection vulnerabilities cannot be found.
- Ability to know about all the files present and accessible through the web server. If an attacker will gain access to the website and create a backdoor file in the application directory, the file will be found and scanned when using the AcuSensor Technology and you will be alerted.
- AcuSensor Technology is able to intercept all web application inputs and build a comprehensive list with all possible inputs in the website and test them.
- No need to write URL rewrite rules when scanning web applications which use search engine friendly URL’s! Using the AcuSensor Technology the scanner is able to rewrite SEO URL’s on the fly.
- Ability to test for arbitrary file creation and deletion vulnerabilities. E.g. Through a vulnerable script a malicious user can create a file in the web application directory and execute it to have privileged access, or delete sensitive web application files.
- Ability to test for email injection. E.g. A malicious user may append additional information such as a list or recipients or additional information to the message body to a vulnerable web form, to spam a large number of recipients anonymously.
- Ability to test for file upload forms vulnerabilities. E.g. A malicious user can bypass file upload form validation checks and upload a malicious file and execute it.
- Unlike other vulnerabilities reported in typical scans, a vulnerability reported by the AcuSensor Technology contains much more detailed information. It can contain details such as source code line number, POST variable value, stack trace, affected SQL query etc. A vulnerability reported by the AcuSensor Technology, will be marked with ‘(AS)’ in the title.
If you have any inquiry or questions, feel free to contact E-SPIN for solution, product and project requirements.