With the Dynamic Reviewer Light-PenTest module, you can inspect your web application while it is running, directly from your browser.
...
You can import third-party Security Scanner results; they will be correlated automatically.
Dynamic Reviewer DAST provides a robust and stable framework for Web Application Security Testing, suitable for Security Analysts, QA and Developers, with support for False Positives and False Negatives. It is built over an optimum mix of Manual and Automated Testing and allows designing customised penetration tests, offering an easy-to-use GUI and advanced Scan capabilities.
...
Dynamic Reviewer provides the following HTTP passive and active scan rules, each of which finds a specific class of vulnerability. Dynamic Reviewer can discover the following OWASP ZAP Web Security Issues:
Id | Issue | Risk | Type |
---|---|---|---|
 | Information Disclosure - Sensitive Information in HTTP Referrer Header | Informational | Passive |
 | Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s) | Low | Passive |
 | Big Redirect Detected (Potential Sensitive Information Leak) | High | Passive |
 | Information Disclosure - Suspicious Comments in XML via WebSocket | Informational | WebSocket Passive |
Note that these are examples of the alerts raised - many rules include different details depending on the exact problem encountered.
Active vs. Passive Scans
Passive scans review all HTTP requests and responses from the application, looking for indicators of security vulnerabilities. These scans do not change anything about the requests.
Passive scans include passive fingerprinting. Whenever Dynamic Reviewer obtains a fingerprint from observed traffic passing through a firewall, it identifies the operating system and collects some ancillary data needed for other analysis tasks.
For TCP/IP, the tool fingerprints the client-originating SYN packet and the first SYN+ACK response from the server, paying attention to factors such as the ordering of TCP options, the relation between maximum segment size and window size, the progression of TCP timestamps, and the state of about a dozen possible implementation quirks (e.g. non-zero values in "must be zero" fields). The metrics used for application-level traffic vary from one module to another; where possible, the tool relies on signals such as the ordering or syntax of HTTP headers or SMTP commands, rather than any declarative statements such as User-Agent. Application-level fingerprinting modules currently support HTTP, SMTP, FTP, POP3, IMAP, SSH, and SSL/TLS. Some of its capabilities include:
- Highly scalable and extremely fast identification of the operating system and software on both endpoints of a vanilla TCP connection, especially in settings where Nmap probes are blocked, too slow, unreliable, or would simply set off alarms.
- Measurement of system uptime and network hookup, distance (including topology behind NAT or packet filters), and so on.
- Automated detection of connection sharing / NAT, load balancing, and application-level proxying setups.
- Detection of dishonest clients / servers that forge declarative statements such as X-Mailer or User-Agent.
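As an added illustration (not code from Dynamic Reviewer or from any fingerprinting tool), the following Python extracts the SYN-side signals the paragraph lists (option ordering, MSS, window size and their ratio, timestamp values, and a few "must be zero" quirks) from a constructed raw TCP header; the option abbreviations and quirk names are assumptions chosen for readability.

```python
import struct

# Constructed sample TCP SYN header (no IP layer): 20-byte fixed part plus
# 20 bytes of options. Option order is the main signal a passive tool keys on.
SAMPLE_SYN = bytes.fromhex(
    "c3500050" "00000001" "00000000"   # ports 50000->80, seq=1, ack=0
    "a002" "faf0" "0000" "0000"        # offset=10 words, flags=SYN, win=64240
    "020405b4" "0402"                  # MSS 1460, SACK permitted
    "080a" "0001e240" "00000000"       # timestamps TSval=123456 TSecr=0
    "01" "030307")                     # NOP, window scale 7

def parse_syn(packet: bytes) -> dict:
    """Return the passive-fingerprint signals of one raw TCP SYN header."""
    if len(packet) < 20: raise ValueError("truncated TCP header")
    _sp, _dp, _seq, ack, off_flags, window, _csum, urg = struct.unpack(
        "!HHIIHHHH", packet[:20])
    data_offset, flags = (off_flags >> 12) * 4, off_flags & 0x1FF
    if data_offset < 20 or data_offset > len(packet): raise ValueError("bad data offset")
    opts, layout, mss, wscale, ts = packet[20:data_offset], [], None, None, None
    i = 0
    while i < len(opts):
        kind = opts[i]
        if kind == 0:                      # end of option list
            layout.append("eol"); break
        if kind == 1:                      # NOP padding is part of the layout
            layout.append("nop"); i += 1; continue
        if i + 1 >= len(opts) or opts[i + 1] < 2 or i + opts[i + 1] > len(opts):
            raise ValueError("malformed TCP option")   # length byte missing/bogus
        length, body = opts[i + 1], opts[i + 2:i + opts[i + 1]]
        if kind == 2 and length == 4:
            mss = struct.unpack("!H", body)[0]; layout.append("mss")
        elif kind == 3 and length == 3:
            wscale = body[0]; layout.append("ws")
        elif kind == 4 and length == 2:
            layout.append("sok")
        elif kind == 8 and length == 10:
            ts = struct.unpack("!II", body); layout.append("ts")
        else:
            layout.append("?%d" % kind)    # unknown option: still part of layout
        i += length
    # "Must be zero" fields that are not: the implementation quirks the text mentions.
    quirks = [name for cond, name in (
        (ack, "ack+"),                         # non-zero ACK number on a SYN
        (urg and not flags & 0x20, "uptr+"),   # urgent pointer set without URG
        (ts and ts[1], "ts2+"),                # non-zero TSecr in a SYN
        (flags & 0xC0, "ecn")) if cond]        # ECE/CWR set in the SYN
    return {"window": window, "mss": mss, "wscale": wscale, "ts": ts,
            "layout": ",".join(layout), "quirks": quirks,
            "win_mss_ratio": window // mss if mss else None}
```

The window-to-MSS ratio and the option layout string are the kind of values a signature database would be matched against; a malformed option length is rejected rather than silently skipped.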
Active scans, on the other hand, will create and modify requests being sent to the application, sending test requests that will surface vulnerabilities that would not be caught in a passive scan.
Active scans are definitely a better way to test for vulnerabilities in your application, as the test suite injects requests that will surface vulnerabilities. These scans are, however, actively attempting to attack the application, which may include creating or deleting data. While passive scans are low risk, they also will not catch many potential vulnerabilities. By nature, these tests do not test for the most aggressive vulnerabilities, such as SQL Injection.
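As an added example (not Dynamic Reviewer's or ZAP's own code), two of the passive rules named in the table above implemented in Python over a constructed request/response pair; the rule names and risk levels come from the table, while the sensitive-parameter list and the dict shape of the observed traffic are assumptions. Nothing is sent to the application, which is exactly what distinguishes a passive rule from an active one.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample exchange, shaped as a passive scanner sees it: the request
# and response are observed as-is and never modified or replayed.
SAMPLE_REQUEST = {
    "url": "https://app.example.test/account",
    "headers": {"Host": "app.example.test",
                "Referer": "https://portal.example.test/login?sessionid=abc123&user=alice"},
}
SAMPLE_RESPONSE = {
    "status": 200,
    "headers": {"Content-Type": "text/html", "X-Powered-By": "Express 4.18.2"},
    "body": "<html><body>ok</body></html>",
}

# Query parameter names treated as sensitive when carried in a Referer
# (assumed list; a real rule set would make this configurable).
SENSITIVE_PARAMS = {"sessionid", "jsessionid", "token", "password", "apikey"}

def header(headers, name):
    """Case-insensitive lookup: HTTP header names are not case-sensitive."""
    return next((v for k, v in headers.items() if k.lower() == name.lower()), None)

def check_x_powered_by(response):
    """Low / Passive: the header reveals the server-side framework and version."""
    value = header(response["headers"], "X-Powered-By")
    if not value:
        return None
    return {"issue": "Server Leaks Information via 'X-Powered-By' HTTP Response Header Field(s)",
            "risk": "Low", "type": "Passive", "evidence": value}

def check_referer_leak(request):
    """Informational / Passive: sensitive query parameters carried in the Referer."""
    referer = header(request["headers"], "Referer")
    if not referer:
        return None
    params = parse_qs(urlsplit(referer).query, keep_blank_values=True)
    leaked = sorted(p for p in params if p.lower() in SENSITIVE_PARAMS)
    if not leaked:
        return None
    return {"issue": "Information Disclosure - Sensitive Information in HTTP Referrer Header",
            "risk": "Informational", "type": "Passive", "evidence": ",".join(leaked)}

def passive_scan(request, response):
    """Run every passive rule over one observed exchange and collect the alerts."""
    rules = (lambda: check_x_powered_by(response), lambda: check_referer_leak(request))
    return [alert for alert in (rule() for rule in rules) if alert]
```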
DOM Security Issues
The list of DOM Security Issues found by Dynamic Reviewer is:
...