Retina Web Security Scanner: Web Application Vulnerability Assessment
Dynamic application security testing (DAST) for identifying cross-site scripting (XSS), SQL injection, and other vulnerabilities across complex websites and web applications.
Comprehensive Vulnerability Scanning for Complex
Retina Web Security Scanner is a dynamic application security testing (DAST) solution designed for modern mobile and web applications built on new technologies such as REST, AJAX, JSON and GWT. With Retina Web Security Scanner, you get comprehensive application coverage and sophisticated attack capabilities, backed by the lowest false positive and false negative rates in the industry.
- Interpret and scan modern technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.
- Crawl, detect & attack vulnerabilities previously discoverable only through manual testing.
- Speed configuration and training via proximity analysis capabilities.
- Minimize false positives via comprehensive crawling, attacking & validation.
- Streamline remediation & communication with developers via actionable reports.
- Immediately patch using custom WAF/IPS rules.
- Comprehensive Crawling: Automatically interpret and scan modern technologies such as Mobile, JSON, REST, SOAP, HTML5 and AJAX.
- Universal Translator: Enables Retina Web Security Scanner to understand the new formats, protocols and development technologies used in today's mobile and modern browser-based applications, and translates them to a common schema for analysis and attack simulation.
- Automated Testing
- The Fewest False Positives: Minimize false positives and negatives through comprehensive crawling, sophisticated attack techniques, and multiple iterations of vulnerability validation.
WEB APPLICATION CRAWLING
- Assess rich client traffic including AJAX, jQuery, GWT and Flash Remoting/AMF.
- Test backend applications with no HTML frontend or presentation layer.
- Auto-populate forms via presentation layer position and proximity analysis.
- Maintain sessions with smart login and session management.
WEB ASSESSMENT REPORTING
- Consolidate findings by attack type (e.g., XSS, SQLi).
- Drill down to key vulnerability data with a single click.
- Reproduce attacks in real time.
- Export XML report data for integration with tracking systems.
- Comply with reporting requirements for PCI, FISMA, OWASP, SOX, HIPAA, GLBA, and more.
CUSTOM WEB APPLICATION SCANNING
- Interpret and scan modern formats including Mobile, JSON, REST, SOAP and HTML5, enabling simulated attacks against web and mobile backend services.
- Test features such as shopping carts and business workflows via true sequence crawling.
- Collect and use XSRF tokens to scan applications with XSRF protection.
- Conduct pre-attack analysis to isolate attack vectors & delineate optimal attack techniques.
- Conduct reflection analysis with intelligent cross-site scripting (XSS) payloads.
- Reduce false positives and confirm exposures via automated process checks.
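The last two bullets describe reflection analysis and automated validation. The following is an added illustration of how a DAST scanner can perform that reflection check; it is not Retina's own code or output, and the four `echo_*` functions are constructed stand-ins for server responses. The two-round agreement rule in `scan_parameter` is an assumed validation heuristic, not Retina's algorithm: a parameter is only reported as unencoded reflection when every probe with a fresh canary comes back the same way, which filters out cached or transient content that would otherwise produce a false positive.

```python
import html
import uuid
from typing import Callable


def make_canary() -> str:
    # Unique, inert token so the check cannot match text that was already on the page.
    return "rwss" + uuid.uuid4().hex[:12]


def build_probe(canary: str) -> str:
    # Characters an HTML encoder must neutralise, tied to the canary so the reflection is traceable.
    return f'{canary}<"\'>'


def reflection_context(body: str, idx: int) -> str:
    """Where in the markup the reflection landed: 'script', 'attribute' or 'text'."""
    before = body[:idx]
    lower = before.lower()
    if lower.rfind("<script") > lower.rfind("</script"):
        return "script"
    if before.rfind("<") > before.rfind(">"):
        return "attribute"
    return "text"


def analyse_reflection(body: str, canary: str, probe: str) -> dict:
    """Classify a single response: not reflected, reflected encoded, reflected unencoded, or altered."""
    idx = body.find(canary)
    if idx < 0:
        return {"verdict": "not_reflected", "context": None}
    context = reflection_context(body, idx)
    if probe in body:
        # Special characters survived verbatim: output encoding is missing in this context.
        return {"verdict": "reflected_unencoded", "context": context}
    if html.escape(probe) in body or html.escape(probe, quote=False) in body:
        return {"verdict": "reflected_encoded", "context": context}
    # Reflected but transformed (e.g. backslash-escaped inside a script): flag for manual review.
    return {"verdict": "reflected_modified", "context": context}


def scan_parameter(send: Callable[[str], str], rounds: int = 2) -> dict:
    """Probe one parameter 'rounds' times with fresh canaries; report only a consistent verdict."""
    verdicts = []
    for _ in range(rounds):
        canary = make_canary()
        probe = build_probe(canary)
        verdicts.append(analyse_reflection(send(probe), canary, probe))
    first = verdicts[0]
    consistent = all(v == first for v in verdicts)
    return {
        "verdict": first["verdict"] if consistent else "inconsistent",
        "context": first["context"],
        "rounds": rounds,
    }


# Constructed stand-ins for server responses (hypothetical, not real application output).
def echo_unencoded(value: str) -> str:
    return f"<html><body><p>Results for {value}</p></body></html>"


def echo_attribute(value: str) -> str:
    return f'<html><body><form><input name="q" value="{value}"></form></body></html>'


def echo_encoded(value: str) -> str:
    return f"<html><body><p>Results for {html.escape(value)}</p></body></html>"


def echo_in_script(value: str) -> str:
    safe = value.replace("'", "\\'")
    return f"<html><script>var q = '{safe}';</script><body></body></html>"


def echo_none(value: str) -> str:
    return "<html><body><p>No results</p></body></html>"


if __name__ == "__main__":
    for name, endpoint in [("text", echo_unencoded), ("attribute", echo_attribute),
                           ("encoded", echo_encoded), ("script", echo_in_script),
                           ("none", echo_none)]:
        print(name, scan_parameter(endpoint))
```

Only the `reflected_unencoded` verdicts would be promoted to findings; `reflected_modified` marks a reflection the scanner could not classify (here, a JavaScript string context) and is the case that benefits most from the payload-based follow-up the bullets above refer to.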
Server and General HTTP
- AJAX Auditing
- ASP.NET ViewState Validation
- Brute Force Authentication Attacks
- Canonicalization Attacks
- Cookie Security
- CORS (Cross-Origin Resource Sharing)
- Custom Fuzzing
- Detection of Client-Side Technologies
- Directory Indexing and Enumeration
- HTTP Response Splitting
- Path Manipulation - Traversal
- Shellshock (aka The BASH Bug)
Data Injection and Manipulation Attacks
- Blind SQL Injection
- Cross-Site Request Forgery
- DOM-Based XSS
- Expression Language Injection
- LDAP Injection
- Operating System Command Injection
- Parameter Redirection
- Persistent XSS
- Reflected Cross-Site Scripting (XSS)
- Remote File Include (RFI) Injection
- Server Side Include (SSI) Injection
- SQL Injection
- XML External Entity
- XPath Injection
Sessions and Authentication
- Authentication Attacks
- Brute Force Authentication Attacks
- Directory and Path Traversal
- File Enumeration
- Information Disclosure
- Insufficient Authentication
- Path Truncation
- Session Strength
- Web Services Auditing
- WebDAV Auditing
Overview document: capabilities, highlights and competitive advantages of Retina Web Security Scanner.
Like many other people who tinker with UNIX and Linux on a regular basis, BASH has always been my shell of choice. Dating back to the early days moving from Windows to a non-Windows platform, mapping the keys correctly to allow easy navigation and control helped ensure an explosion of use for the shell. Unfortunately, ...
Two new audits have been released recently in our Retina vulnerability scan engine to close a security vulnerability that can enable an attacker to upload files remotely via an XSS flaw or lead to privacy issues because of a back-end connection closing issue (CVE-2012-2687 and CVE-2012-3502, respectively). These two new audits have been released ...