During our research we can use a scan sensor, a security technology that identifies more vulnerabilities than a traditional web application scanner while generating fewer false positives. In addition, it reports debug information and indicates exactly where in your code the vulnerability is.
The increased accuracy is achieved by combining black box scanning techniques with feedback from sensors placed non-destructively inside the source code. A black box scanner does not know how the application reacts, and source code analyzers do not understand how the application will behave while it is being attacked. Therefore, combining these techniques achieves more relevant results than using source code analyzers and black box scanning independently. The scan sensor has further advantages:
- Allows you to locate and fix the vulnerabilities faster because of the ability to provide more information about vulnerabilities, such as source code line number, stack trace and affected SQL queries.
- Significantly reduces false positives when scanning a website because, internally, the behavior of the web application is better understood.
- Can alert you to web application configuration problems which could result in a vulnerable application or expose internal application details. For example, if ‘custom errors’ are enabled in .NET, this could expose sensitive application details to a malicious user.
- Detects many more SQL injection vulnerabilities. Previously, SQL injection vulnerabilities could only be found if database errors were reported or via other common techniques.
- Ability to detect SQL injection vulnerabilities in all SQL statements, including SQL INSERT statements. With a black box scanner such SQL injection vulnerabilities cannot be found.
- Ability to know about all the files present and accessible through the web server. Files created by attackers, to serve as a backdoor, in the application directory will be found with a scan sensor.
- The scan sensor builds a comprehensive list of all possible web application input end-points based on intercepted inputs and tests these end-points.
- No need to write URL rewrite rules when scanning web applications which use search engine friendly URLs. The scan sensor allows the scanner to rewrite SEO URLs on the fly.
- Ability to test for arbitrary file creation and deletion vulnerabilities. For example, through a vulnerable script a malicious user can create a file in the web application directory and execute it to gain privileged access, or delete sensitive files.
- Ability to test for email injection. For example, a malicious user may append additional information, such as a list of recipients or their own text, to the message body of a vulnerable web form in order to spam a large number of recipients anonymously.
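
The two SQL injection points above can be illustrated with a small sketch. This is an added example, not code from the scan sensor product: the `Sensor` class, the probe strings and both comment handlers are hypothetical, and SQLite stands in for the application database. The handler returns the same response whether or not the INSERT breaks, so the HTTP response tells a black box scanner nothing, while the in-application hook sees the probe's quote close the string literal and reports the affected query.

```python
import sqlite3

PREFIX, SUFFIX = "zq7a", "zq7b"      # constructed probe halves (assumption)
PROBE = PREFIX + "'" + SUFFIX        # the quote tries to close a string literal

def suffix_outside_literal(sql):
    """True if SUFFIX appears in sql outside a single-quoted SQL literal."""
    in_str, i = False, 0
    while i < len(sql):
        ch = sql[i]
        if ch == "'":
            if in_str and sql[i + 1:i + 2] == "'":   # '' is an escaped quote
                i += 2
                continue
            in_str = not in_str
        elif not in_str and sql.startswith(SUFFIX, i):
            return True
        i += 1
    return False

class Sensor:
    """Hypothetical in-application hook that sees every SQL string executed."""
    def __init__(self, conn):
        self.conn, self.findings = conn, []

    def execute(self, sql, params=()):
        if suffix_outside_literal(sql):
            self.findings.append(sql)    # report the affected query text
        try:
            return self.conn.execute(sql, params)
        except sqlite3.Error:
            return None                  # the app hides database errors

def vulnerable_comment(db, text):
    # String concatenation: user input becomes part of the SQL text.
    db.execute("INSERT INTO comments(body) VALUES ('" + text + "')")
    return "Thanks!"                     # identical response in every case

def safe_comment(db, text):
    # Parameterized query: user input never reaches the SQL text.
    db.execute("INSERT INTO comments(body) VALUES (?)", (text,))
    return "Thanks!"

def scan(handler):
    """Send the probe to one handler; return (response, sensor findings)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE comments(body TEXT)")
    sensor = Sensor(conn)
    return handler(sensor, PROBE), sensor.findings
```

Both handlers answer "Thanks!", so only the sensor findings separate the concatenated INSERT from the parameterized one.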