With the Dynamic Reviewer Light-PenTest module, you can inspect your web application while it is running, directly from your browser.
...
You can import results from third-party security scanners; they are correlated automatically.
Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for Security Analysts, QA and Developers alike, with False Positive and False Negative support. It is built on a balanced mix of Manual and Automated Testing and lets you design customised penetration tests, offering an easy-to-use GUI and advanced Scan capabilities.
...
In essence, you have access to roughly the same information that your favorite debugger (for example, FireBug) would provide, as if you had set a breakpoint at exactly the moment an issue is identified.
Web Security Issues
Dynamic Reviewer runs tests to identify all of the major web application security vulnerabilities, such as SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery and more. Dynamic Reviewer has an ever-growing list of tests that run against the application and its APIs to identify potential security vulnerabilities.
Dynamic Reviewer provides the following HTTP passive and active scan rules, each of which finds a specific class of vulnerability (passive rules only inspect requests and responses that were already exchanged; active rules send additional test requests).
Note that these are examples of the alerts raised: many rules include different details depending on the exact problem encountered.
| Id | Issue | Risk | Type |
|---|---|---|---|
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | Information Disclosure - Sensitive Information in HTTP Referrer Header | Informational | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | High | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s) | Low | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | | High | Passive |
| | Big Redirect Detected (Potential Sensitive Information Leak) | High | Passive |
| | | High | Active |
| | | Medium | Passive |
| | | Low | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Medium | Passive |
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | Informational | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Low | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | High | Passive |
| | | Informational | Passive |
| | | Informational | Active |
| | | High | Passive |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Passive |
| | | Medium | Active |
| | | Informational | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | Informational | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | Informational | Active |
| | | Informational | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Active |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Active |
| | | High | Active |
| | | Medium | Passive |
| | | Medium | Passive |
| | | High | Passive |
| | | High | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Low | Passive |
| | | Informational | Passive |
| | | Medium | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Informational | Active |
| | | Medium | Active |
| | | High | Active |
| | | Informational | Passive |
| | | Informational | Passive |
| | | High | Active |
| | | High | Active |
| | | High | Active |
| | | Medium | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | | Low | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | | High | WebSocket Passive |
| | | Low | WebSocket Passive |
| | | Informational | WebSocket Passive |
| | Information Disclosure - Suspicious Comments in XML via WebSocket | Informational | WebSocket Passive |
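As an added example (not the product's own code), here is how the three passive rules named in the table behave on a single constructed request/response pair, with the Risk and Type values the table assigns them; the sensitive-parameter list, the header lookup and the expected redirect size are assumptions made for this illustration.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

@dataclass
class Alert:
    issue: str
    risk: str
    scan_type: str = "Passive"

# Query-parameter names treated as sensitive in a Referer (assumed list for this example).
SENSITIVE_PARAM = re.compile(r"(?i)[?&](password|passwd|pwd|token|session(id)?|ssn|card)=")

def _header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Case-insensitive header lookup (HTTP header names are not case sensitive)."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)

def check_x_powered_by(resp_headers: Dict[str, str]) -> Optional[Alert]:
    """Low risk: the server advertises its technology stack in a response header."""
    if _header(resp_headers, "X-Powered-By") is not None:
        return Alert("Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)", "Low")
    return None

def check_referer(req_headers: Dict[str, str]) -> Optional[Alert]:
    """Informational: a secret-looking query parameter travelled in the Referer header."""
    ref = _header(req_headers, "Referer")
    if ref and SENSITIVE_PARAM.search(ref):
        return Alert("Information Disclosure - Sensitive Information in HTTP Referrer Header", "Informational")
    return None

def check_big_redirect(status: int, resp_headers: Dict[str, str], body: bytes) -> Optional[Alert]:
    """High risk: a 3xx response carries far more body than a redirect page needs (expected size is an assumption)."""
    location = _header(resp_headers, "Location") or ""
    if 300 <= status < 400 and len(body) > 300 + len(location):
        return Alert("Big Redirect Detected (Potential Sensitive Information Leak)", "High")
    return None

def passive_scan(req_headers: Dict[str, str], status: int, resp_headers: Dict[str, str], body: bytes) -> List[Alert]:
    """Run every passive rule over one exchange; no additional traffic is sent."""
    found = [check_x_powered_by(resp_headers), check_referer(req_headers),
             check_big_redirect(status, resp_headers, body)]
    return [a for a in found if a is not None]

# Constructed sample exchange (not captured traffic) that trips all three rules.
SAMPLE_REQUEST = {"Host": "app.example", "Referer": "https://app.example/reset?token=abc123"}
SAMPLE_RESPONSE = {"Location": "/login", "X-Powered-By": "PHP/7.4"}
SAMPLE_BODY = b"<html>" + b"<p>account details...</p>" * 100 + b"</html>"

if __name__ == "__main__":
    print(passive_scan(SAMPLE_REQUEST, 302, SAMPLE_RESPONSE, SAMPLE_BODY))
```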
DOM Security Issues
The list of DOM Security Issues found by Dynamic Reviewer is:
...
DISCLAIMER: Because we make use of open source components (w3af, pWeb, dradis, wXf, OSVDB), we do not sell the product; instead we offer yearly subscription-based Commercial Support to selected Customers, plus our Commercial Security Scanner.
COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.