Trusted by more than 2000+ global businesses for their thousands of sites

Plan Details

Risk Detection
Managed Web Application Security Scanning: Bi-Weekly
Full Support of HTML5, AJAX and JSON
No. of Pages Scanned: 250
No. of Application Credentials: 1
Coverage for OWASP Top 10, PCI DSS 6.5.x and SANS Top 25 Vulnerabilities Detection
Vulnerability Revalidation checks
Support through Email, Chat and Phone

AppTrana’s cloud-based scanning tests for hundreds of security flaws, including the OWASP Top 10 and SANS Top 25 vulnerabilities. Alongside the automated scanner’s sharp focus on finding vulnerabilities, the security reports are analysed by trained security experts to help you understand the business impact of the security loopholes within the web app.

In your fight against cyber criminals, OWASP’s Top 10 Vulnerabilities list is an ideal place to start securing the business website. The following checklist gives the tests OWASP recommends for each of the Top 10 Web Application Security Risks, along with their detection coverage under AppTrana scanning.

Overview of tests performed during the scan:

A1 Injection

Tests Recommended by OWASP
Covered by AppTrana
Test for SQL Injection
Test for LDAP Injection
Test for XPath Injection
Test for Code Injection
Test for Command Injection

A2 Weak Authentication and Session Management

Tests Recommended by OWASP
Covered by AppTrana
Test for Credentials Transported over an Encrypted Channel
Test for cookies attributes
Test for Exposed Session Variables

A3 Cross Site Scripting

Tests Recommended by OWASP
Covered by AppTrana
Test for Reflected Cross site scripting
Test for Stored Cross site scripting
Test for DOM-based Cross site scripting
Test for JavaScript Execution
Test for Cross site flashing
XSS Filter Evasion Cheat Sheet

A4 Broken Access Control

Tests Recommended by OWASP
Covered by AppTrana
Test Directory traversal/file include
Test for Insecure Direct Object References
Test for Local File Inclusion

A5 Security Misconfiguration

Tests Recommended by OWASP
Covered by AppTrana
Fingerprint Web Server
Fingerprint Web Application Framework
Fingerprint Web Application
Enumerate Infrastructure and Application Admin Interfaces
Test HTTP Methods
Test RIA cross domain policy
Test for Error Code
Test for Stack Traces

A6 Sensitive Data Exposure

Tests Recommended by OWASP
Covered by AppTrana
Test for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
Test for Padding Oracle
Test for Sensitive information sent via unencrypted channels
Test for Credentials Transported over an Encrypted Channel

A7 Insufficient Attack protection

Tests Recommended by OWASP
Covered by AppTrana
Validation is done via attack vectors to verify if application server has deployed any WAF/IPS/IDS or not
Not Applicable

A8 Cross-Site Request Forgery

Tests Recommended by OWASP
Covered by AppTrana
Test for CSRF
AppTrana Manual Testing

A9 Using components with Unknown Vulnerabilities

Tests Recommended by OWASP
Covered by AppTrana
Enumerate Applications on Webserver
AppTrana Manual Testing

A10 Underprotected APIs

Tests Recommended by OWASP
Covered by AppTrana
Enumerate Applications on Webserver
AppTrana Manual Testing
