Trusted by more than 1000 global businesses for their thousands of sites

Plan Details

Risk Detection
Managed Web Application Security Scanning: Bi-Weekly
Full Support of HTML5, AJAX and JSON
No. of Pages Scanned: 250
No. of Application Credentials: 1
Coverage for OWASP Top 10, PCI DSS 6.5.x and SANS Top 25 Vulnerabilities Detection
Vulnerability Revalidation checks
Support through Email, Chat and Phone

AppTrana’s cloud-based scanning tests for hundreds of security flaws including OWASP Top 10 and SANS Top 25 vulnerabilities. Along with the automated scanner’s razor focus on finding vulnerabilities, the security reports are analysed by trained security experts to help you understand the business impact of the security loopholes within the web app.

In your fight against cyber criminals, OWASP’s Top 10 Vulnerabilities list is an ideal place to start securing the business website. The following checklist gives the tests OWASP recommends for each of the Top 10 Web Application Security Risks and their detection coverage under AppTrana scanning.

Overview of tests performed during the scan:

A1 Injection

Tests Recommended by OWASP
Covered by AppTrana
Test for SQL Injection
Test for LDAP Injection
Test for XPath Injection
Test for Code Injection
Test for Command Injection

A2 Weak Authentication and Session Management

Tests Recommended by OWASP
Covered by AppTrana
Test for Credentials Transported over an Encrypted Channel
Test for cookies attributes
Test for Exposed Session Variables

A3 Cross-Site Scripting

Tests Recommended by OWASP
Covered by AppTrana
Test for Reflected Cross-Site Scripting
Test for Stored Cross-Site Scripting
Test for DOM-based Cross-Site Scripting
Test for JavaScript Execution
Test for Cross-Site Flashing
XSS Filter Evasion Cheat Sheet

A4 Broken Access Control

Tests Recommended by OWASP
Covered by AppTrana
Test Directory traversal/file include
Test for Insecure Direct Object References
Test for Local File Inclusion

A5 Security Misconfiguration

Tests Recommended by OWASP
Covered by AppTrana
Fingerprint Web Server
Fingerprint Web Application Framework
Fingerprint Web Application
Enumerate Infrastructure and Application Admin Interfaces
Test HTTP Methods
Test RIA cross domain policy
Test for Error Code
Test for Stack Traces

A6 Sensitive Data Exposure

Tests Recommended by OWASP
Covered by AppTrana
Test for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
Test for Padding Oracle
Test for Sensitive information sent via unencrypted channels
Test for Credentials Transported over an Encrypted Channel

A7 Insufficient Attack Protection

Tests Recommended by OWASP: Validation is done via attack vectors to verify whether the application server has deployed any WAF/IPS/IDS
Covered by AppTrana: Not Applicable

A8 Cross-Site Request Forgery

Tests Recommended by OWASP: Test for CSRF
Covered by AppTrana: AppTrana Manual Testing

A9 Using Components with Unknown Vulnerabilities

Tests Recommended by OWASP: Enumerate Applications on Webserver
Covered by AppTrana: AppTrana Manual Testing

A10 Underprotected APIs

Tests Recommended by OWASP: Enumerate Applications on Webserver
Covered by AppTrana: AppTrana Manual Testing
