Web Application Penetration Testing

CSA offers the most comprehensive web application penetration testing capabilities available in one solution. With Impact, you go beyond scanning to exploit and interact with vulnerable web applications just as an attacker could. Only Impact integrates web application testing with network, endpoint and wireless testing, enabling you to assess your organization’s ability to detect, prevent and respond to real-world, multi-staged threats.

- Identify weaknesses in web applications, web servers and associated databases
- Dynamically generate exploits that can compromise security weaknesses
- Demonstrate the potential consequences of a breach
- Gather information necessary for addressing security issues and preventing data incidents

INFORMATION GATHERING AND SCAN IMPORT

- Crawl web pages and identify URLs to test

- Import results from popular web application vulnerability scanners, including Acunetix® Web Security Scanner, Cenzic Enterprise®, HP WebInspect®, IBM Rational AppScan®, and NTOSpider®

- Filter scan results and identify significant points of exposure

- Fingerprint applications to select and run known exploits for off-the-shelf web applications

- Gather information for dynamically creating exploits for custom applications

- Impersonate authenticated users

- Impersonate several browsers, including mobile browsers

ATTACK AND PENETRATION

CSA is the first and only automated, commercial-grade web application penetration testing solution to address the most prevalent security threats facing organizations today, including:

- Injection (OWASP A1)

- Broken Authentication and Session Management (OWASP A2)

- Cross-Site Scripting (XSS) (OWASP A3)

- Insecure Direct Object References (OWASP A4)

- Security Misconfiguration (OWASP A5)

- Sensitive Data Exposure (OWASP A6)

- Missing Function Level Access Control (OWASP A7)

- Cross-Site Request Forgery (OWASP A8)

- Using Components with Known Vulnerabilities (OWASP A9)

- Unvalidated Redirects and Forwards (OWASP A10)

Dynamic Exploits for Custom Web Applications

Testing custom applications for security vulnerabilities requires the creation of unique exploits. Impact dynamically creates customized exploits on the fly to safely replicate attacks against both proprietary and out-of-the-box web applications.

Other Web Application Testing Capabilities

In addition to addressing the OWASP Top 10, Impact enables you to:

- Test PHP applications against Remote and Local File Inclusion

- Exploit WebDAV configuration weaknesses

- Evade firewalls

- Reveal weak HTTPS encryption

- Test surveillance cameras against web attacks

- Detect vulnerabilities in SOAP-based or RESTful web services

- Employ interactive crawling of a mobile application's web services backend
