With the Dynamic Reviewer Light-PenTest module, you can inspect your web application while it is running, directly from your browser.
...
You can import results from third-party security scanners; they are correlated automatically with the findings of Dynamic Reviewer.
Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for Security Analysts, QA and Developers, with support for handling False Positives and False Negatives. It is built on a mix of manual and automated testing, allows designing customised penetration tests, and offers an easy-to-use GUI together with advanced scan capabilities.
...
In essence, you have access to roughly the same information that your favourite debugger (for example, FireBug) would provide, as if you had set a breakpoint at exactly the right moment to identify an issue.
Web Security Issues
Dynamic Reviewer provides the following HTTP passive and active scan rules, each of which detects a specific class of vulnerability. Passive rules only inspect the requests and responses that already pass through the proxy and never send traffic of their own; active rules send additional, crafted requests to the target and should therefore only be run against systems you are authorised to test.
Note that these are examples of the alerts raised; many rules report different details depending on the exact problem encountered.
| Id | Issue | Risk | Type |
|---|---|---|---|
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | Information Disclosure - Sensitive Information in HTTP Referrer Header | Informational | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | High | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s) | Low | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | Big Redirect Detected (Potential Sensitive Information Leak) | High | Passive |
| | | High | Active |
| | | Medium | Passive |
| | | Low | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Medium | Passive |
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | Informational | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | Informational | Active |
| | | High | Passive |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Informational | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | Informational | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Informational | Active |
| | | Informational | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | High | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | Medium | Active |
| | | High | Active |
| | | Informational | Passive |
| | | Informational | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | | Low | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | | High | WebSocket Passive |
| | | Low | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | Information Disclosure - Suspicious Comments in XML via WebSocket | Informational | WebSocket Passive |
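To make concrete what a "Passive" rule in the table above does, here is an added example (illustrative code written for this page, not Dynamic Reviewer's own implementation) that runs three of the listed checks over a single request/response pair without sending any traffic: the 'X-Powered-By' header leak, sensitive parameters in the Referer header, and a big redirect whose body carries more than a redirect stub. The `HttpMessage` and `Alert` types, the `SENSITIVE_PARAMS` list, the `REDIRECT_SLACK_BYTES` threshold and the sample message are all assumptions made for the example; active rules, which send crafted requests, are not shown.

```python
from dataclasses import dataclass
from urllib.parse import urlparse, parse_qs


@dataclass
class HttpMessage:
    """One request/response pair as a passive rule sees it (assumed shape)."""
    url: str
    request_headers: dict
    status: int
    response_headers: dict
    body: bytes = b""


@dataclass
class Alert:
    rule: str
    risk: str
    detail: str


# Assumed list of query-parameter names treated as sensitive when they
# travel to a third party inside a Referer header.
SENSITIVE_PARAMS = {"token", "session", "sessionid", "password", "apikey", "secret"}

# Assumed heuristic: a 3xx body larger than the Location URL plus this slack is
# carrying real page content that a browser would never display.
REDIRECT_SLACK_BYTES = 300


def _lower(headers):
    """Header names are case-insensitive; normalise before lookup."""
    return {k.lower(): v for k, v in headers.items()}


def rule_x_powered_by(msg):
    """Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)."""
    hdr = _lower(msg.response_headers)
    if "x-powered-by" in hdr:
        return [Alert("X-Powered-By header", "Low", f"X-Powered-By: {hdr['x-powered-by']}")]
    return []


def rule_referer_sensitive(msg):
    """Information Disclosure - Sensitive Information in HTTP Referrer Header."""
    referer = _lower(msg.request_headers).get("referer")
    if not referer:
        return []
    params = parse_qs(urlparse(referer).query, keep_blank_values=True)
    leaked = sorted(p for p in params if p.lower() in SENSITIVE_PARAMS)
    if leaked:
        return [Alert("Sensitive info in Referer", "Informational",
                      "parameters: " + ", ".join(leaked))]
    return []


def rule_big_redirect(msg):
    """Big Redirect Detected (Potential Sensitive Information Leak)."""
    if not 300 <= msg.status < 400:
        return []
    location = _lower(msg.response_headers).get("location", "")
    if len(msg.body) > len(location) + REDIRECT_SLACK_BYTES:
        return [Alert("Big redirect", "High",
                      f"{len(msg.body)} byte body on {msg.status} to {location!r}")]
    return []


PASSIVE_RULES = [rule_x_powered_by, rule_referer_sensitive, rule_big_redirect]


def passive_scan(msg):
    """Run every passive rule over one message; nothing is ever sent."""
    alerts = []
    for rule in PASSIVE_RULES:
        alerts.extend(rule(msg))
    return alerts


# Constructed sample: a 302 that still returns the private page body, served by
# a stack that announces itself, reached from a URL carrying a session id.
SAMPLE = HttpMessage(
    url="https://app.example.test/account",
    request_headers={"Referer": "https://app.example.test/login?sessionid=abc123&next=/account"},
    status=302,
    response_headers={"Location": "https://app.example.test/login",
                      "X-Powered-By": "PHP/7.4.3"},
    body=b"<html><body>" + b"Account balance and transaction history ... " * 20 + b"</body></html>",
)

if __name__ == "__main__":
    for a in passive_scan(SAMPLE):
        print(f"[{a.risk}] {a.rule}: {a.detail}")
```

The point of the structure is that every rule is a pure function of an already-captured message, which is exactly why passive rules are safe to leave enabled in a browsing proxy; an active rule would additionally need a way to send requests and is where scope and authorisation matter.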
DOM Security Issues
The DOM Security Issues found by Dynamic Reviewer are:
...
DISCLAIMER: Because we make use of open source components (w3af, pWeb, dradis, wXf, OSVDB), we do not sell the product; instead we offer a yearly subscription-based Commercial Support to selected Customers, plus our Commercial Security Scanner.
COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.