Fingerprinting Off-the-Shelf Web Applications

Category: Product Docs & FAQS - Last Updated: Tue, 19 Apr 2016 - by Robert Abela

WordPress powers around 25% of the top one million websites in Alexa. Drupal, Joomla! and other popular CMS solutions power several thousand other websites. And if there is a forum on a website, it is most probably powered by forum software such as phpBB rather than a custom-built one.

Custom-built applications are still very popular, especially for business-specific web applications, though off-the-shelf web applications, especially the open source ones, are becoming more popular. There is nothing wrong with this approach, but let's not forget that these are still web applications and, like all others, can have web vulnerabilities.

Note: this post is about the version checks of popular open source off-the-shelf web applications such as WordPress. If you want to check the security of the JavaScript libraries you use in your web applications, refer to Ensure all JavaScript Libraries your developers use in web applications are not vulnerable.

Why Should You Keep Your Off-the-Shelf Web Applications Up to Date?

As highlighted in a post about the ramifications of outdated and vulnerable software, there is a lot at stake when using old software. Malicious users are constantly scanning websites at random to check whether they are vulnerable to a SQL Injection in an old version of WordPress, or a Cross-site Scripting (XSS) vulnerability in an old version of Joomla! or phpBB. Therefore, if you are running an old version of such software, it is only a matter of time until you get hacked.

Netsparker Fingerprints Off-the-Shelf Web Applications

Since it is almost impossible to keep track of all the off-the-shelf web applications and components used in your web environment, we included several checks in Netsparker to help you automate the job. Netsparker will automatically fingerprint and identify any possibly vulnerable JavaScript libraries, and will also identify the versions of the most popular off-the-shelf web applications such as WordPress, Drupal, Joomla!, MediaWiki, phpBB, TWiki and several others.

Netsparker identifies an outdated version of WordPress

