New Web Application Scanning Provides a More Complete Picture of Risk

Version 6.3 introduces the new Web Scanner component of Retina Network Security Scanner (RNSS). RNSS provides the user interface for launching web scans and displaying a Web Assessment Report that contains findings from those scans. Specific features include:
  • SQL injection detection
  • Reflected cross-site scripting detection
  • Web form authentication
  • Auto-discovery of Web form login pages during crawling
  • Crawling settings
  • Remote file inclusion detection
  • Path traversal detection
  • External redirect detection
  • Form submission via GET and POST
  • Detection of logged in and logged out states during crawling, with the ability to re-login to a logged out session
  • Exclusion of pages from the scan based on regular expressions
  • Display of request and response payload data
  • Clear-text password submission detection
  • Detection of insecure (non-TLS) communications
  • Additional authentication schemes (e.g., HTTP Basic Authentication, NTLM)
Retina’s new Web Application Scanning also introduces a new Web Assessment Report. The report includes:
  • A Summary section
  • External URLs obtained during crawling
  • Audit Findings, including Request and Response payloads. Where possible, injected text is highlighted in the Request payload, and text used by Retina to establish the Finding is highlighted in the Response payload
  • Links to Common Weakness Enumeration (CWE) pages that provide official descriptions of the found vulnerability
  • A link to a Web Summary Report that omits payload detail and is therefore much smaller than the standard Web Assessment Report. It can be used to present a high-level view of the found vulnerabilities
For a representation of this new reporting, please see the screenshot below. The new Web Application Scanning reports show the details for each affected URL, including Request and Response payloads. The Response Body highlights the vulnerability. Adding this new capability into RNSS provides security teams with a more complete picture of their IT environments, helping them to further prioritize risks.

New Configuration Utility Simplifies Management

Retina Network Security Scanner version 6.3 also introduces a new standalone configuration utility which greatly simplifies the configuration and management of Licensing, Central Policy, Event Management and Auto-Update settings for both Retina Network Security Scanner and Retina Host Security Scanner. For a representation of this new configuration utility, please see the screenshot below.