CSA is the first and only automated, commercial-grade web application penetration testing solution to address the most prevalent security threats facing organizations today, including:
- Injection (OWASP A1)
- Broken Authentication and Session Management (OWASP A2)
- Cross-Site Scripting (XSS) (OWASP A3)
- Insecure Direct Object References (OWASP A4)
- Security Misconfiguration (OWASP A5)
- Sensitive Data Exposure (OWASP A6)
- Missing Function Level Access Control (OWASP A7)
- Cross-Site Request Forgery (OWASP A8)
- Using Components with Known Vulnerabilities (OWASP A9)
- Unvalidated Redirects and Forwards (OWASP A10)

Dynamic Exploits for Custom Web Applications

Testing custom applications for security vulnerabilities requires creating unique exploits. Impact dynamically creates customized exploits on the fly to safely replicate attacks against both proprietary and out-of-the-box web applications.

Other Web Application Testing Capabilities

In addition to addressing the OWASP Top 10, Impact enables you to:
- Test PHP applications against Remote and Local File Inclusion
- Exploit WebDAV configuration weaknesses
- Evade firewalls
- Reveal weak HTTPS encryption
- Test surveillance cameras against web attacks
- Detect vulnerabilities in SOAP-based or RESTful web services
- Employ interactive crawling of a mobile application web services backend