MatriXay:Web Application Scanner
MatriXay:Web Application Scanner Product Overview:
MatriXay is a web application vulnerability scanner researched by a team of DBPPSecurity security experts. It is based on in-depth analysis of typical security vulnerabilities as well as popular attack techniques in B/S structure application system.
Web application scanner 1 .0 (MatriXay 1.0) was released in World Security Congress Blackhat and Def-Con in August, 2006. Web application scanner 2.0(MatriXay 2.0) was released at Dec, 2007 and played an important role in 2008 Olympic Games. Web application scanner 3.0 (MatriXay 3.0) not only has exceptional scanning capability but also provides powerful penetration testing and web Trojan detection functions. Therefore, it is evaluated as “The best web security assessment tool”
MatriXay 3.0 aims to reduce the risk of Web application so as to reduce loses of national interests, social interests, business interests and individual interests. It is widely used in websites and internal B/S systems (such as OSS, ERP, OA, etc).
MatriXay:Web Application Scanner Features:
- In-depth Scan: risk-oriented in-depth scanning on web application can access to back-end database information and web application list.
- Web Vulnerability Detection: detect all kinds of typical web vulnerabilities deeply (such as SQL injection, Xpath injection, XSS, the form around, form weak password, all kinds of CGL vulnerabilities.)
- Web Trojan Detection: analyze a variety of linked Trojan automatically, effectively and intellectually; make an accurate analysis to the spreading Trojan virus type; make the position for web Trojan host.
- Penetration Testing: make deep analysis to the target web application and implement sound attack to obtain direct evidence of system security threats by imitating the vulnerability discovery techniques and attack methods of the hacker to current vulnerability.
- DB Audit: By fully simulating hijack attack through current weakness, to realize database Audit function，to obtain configuration information such as background database connection information, database name, database version, Data Dictionary etc.
- Complete, in-depth and accurate assessment of web application vulnerabilities can effectively enhance the active defense capabilities.
- Flexible and defined scanning working pattern
- Deep and intellectual Scan Engine
- Unique “evidence” model to ensure accurate and reliable results of the assessment
- Baseline audit of more than 10 kinds of database
- Complete risk assessment report
- Risk assessment report can support all kinds of file formats and can fully customize the content
- No third-party software support for installation and operation