Website hack attacks do not only happen when someone successfully exploits a web application vulnerability. Many attacks succeed because the attacker discovered a hidden admin interface while analysing developer comments in the source code, or found debug information in an error message that gave them enough detail to connect directly to a backend portal or database.
Therefore a web vulnerability scanner should report much more than just exploitable web application vulnerabilities. This is where Netsparker excels; Netsparker Desktop and Netsparker Cloud are not just web vulnerability scanners that automatically identify vulnerabilities in web applications. They are all-round web security tools that also highlight potential security issues which are typically not classified as “vulnerabilities” but help attackers gain additional knowledge and craft a successful attack against a web application.
Netsparker scanners provide the user with a complete and detailed analysis of the target web application. All of this information can be found under the Knowledge Base node in the sitemap section. Below is a list of the knowledge base nodes and the information each presents to the user.
- Out of Scope Links
- Interesting Headers
- Web Pages with Inputs
- MIME Types
- File Extensions
- Email Addresses
- Embedded Objects
- External Scripts
- External Frames
- Web Services
- CSS Files
- Slowest Pages
- URL Rewrite
- REST API
Out of Scope Links
In the Out of Scope Links knowledge base node Netsparker lists all the links found in the target web application that do not fall under the scanning scope and therefore were not scanned.
From this knowledge base node users can determine what was not scanned and why, so they can fine-tune their security scan settings should they wish to scan these links as well.
Interesting Headers
In the Interesting Headers knowledge base node Netsparker lists all the unusual HTTP headers encountered during the security scan of the target web application. Such information is very useful for quality assurance teams; it can lead them to discover legacy or unused components which are still being called because some unused code is still enabled in the system.
Such information can also help security professionals uncover more about the target web application and the environment it runs in. For example, they can find out whether a load balancer or web application firewall is in use, and it can help them determine the version of some of the server components for more targeted testing.
Web Pages with Inputs
In this knowledge base node Netsparker lists all of the target web application's pages that have an input. This list can be used by developers and quality assurance members for further manual testing. Security professionals find such information useful as well, since it gives them a better overview of the attack surface of a web application.
MIME Types
In this knowledge base node Netsparker lists all the MIME types discovered on the target web application. Under each MIME type Netsparker also lists all the files served with that MIME type. Such information is very handy in case further manual testing is required. It also helps security professionals spot any unusual file or type served by the server, which could also be the result of a successful hack.
File Extensions
In this knowledge base node Netsparker lists all the different file extensions identified on the target web application. Under each extension it also lists all the files with that extension. Although this information might not seem very revealing, it helps security professionals determine what is being served from the target web application.
Email Addresses
In this knowledge base node Netsparker lists all the email addresses identified on the target web application. Although having clear-text email addresses on a website is not a vulnerability in itself, it is good to know which email addresses are published on the website.
Embedded Objects
In this knowledge base node Netsparker lists all the embedded objects, such as Flash files or ActiveX components, discovered on the target web application and their locations.
External Scripts
In this knowledge base node Netsparker lists all the scripts on the target web application that are loaded from an external source. Information in this knowledge base node can also help users determine whether the target web application has already been hacked, for example if malware is being distributed via an injected script. All (un)trusted third-party scripts used on your web application are also listed in this knowledge base node.
External Frames
In this knowledge base node Netsparker lists all the frames on the target web application which originate from an external source. Similar to external scripts, external frames might be the result of an already hacked website, hence it is good for security professionals to know about all of the external objects in a web application.
Comments
In this knowledge base node Netsparker lists all the source code comments identified on the target web application and highlights keywords which might contain sensitive information. This is probably the most overlooked security issue of all and can lead to sensitive information disclosure.
For example imagine what a comment such as the below can lead to:
<!-- similar to admin pages in /hiddenadmin/ -->
If such a comment is found by malicious attackers, they know that there is some sort of hidden admin area which might give them more information or access to the admin portal. It is very typical for developers to leave very sensitive information in web applications, such as connection strings, administrative account credentials, details of the test environment and much more.
Netsparker will automatically find and crawl paths identified in the comments, but there is much more that developers can leave behind in comments.
Netsparker also allows users to add new entries to the list of sensitive comment patterns so they are alerted once such an entry is identified in the source code comments. Users can also modify the existing patterns from the Comments node in the Netsparker settings, as seen in the below screenshot.
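As an added illustration (my own code, not Netsparker's), the following Python script does on a page source what this section describes: it pulls out HTML and JavaScript comments, flags those matching an editable list of sensitive keyword patterns, and collects any paths or URLs they mention so a reviewer can check them before release. The sample page source, the pattern names and the function names are constructed for the example.

```python
import re
from typing import Dict, List

# Constructed sample page source (not from the original article).
SAMPLE_HTML = """<html><head>
<!-- TODO: remove before release -->
<script>
// similar to admin pages in /hiddenadmin/
/* connection string: Server=db01;User Id=sa;Password=EXAMPLE-ONLY */
</script></head><body>
<!-- normal layout note -->
<!-- test env: http://staging.example.test/login -->
</body></html>"""

# Keyword patterns a reviewer can extend, in the spirit of the editable
# comment patterns the article describes (the names here are my own).
SENSITIVE_PATTERNS: Dict[str, str] = {
    "admin": r"\badmin\b",
    "credentials": r"\b(password|passwd|pwd|user\s*id|username)\b",
    "connection-string": r"\b(connection\s*string|server=|data source=)",
    "todo": r"\b(todo|fixme|hack)\b",
    "test-environment": r"\b(test|staging|debug)\b",
}

# HTML comments, JS/CSS block comments and JS line comments, in one pass.
COMMENT_RE = re.compile(
    r"<!--(?P<html>.*?)-->"
    r"|/\*(?P<block>.*?)\*/"
    r"|^[ \t]*//(?P<line>[^\n]*)",
    re.S | re.M,
)
# Site-relative paths (not the "//" of a URL) and absolute URLs worth crawling.
PATH_RE = re.compile(r"(?<![\w:/])/[\w\-./]+")
URL_RE = re.compile(r"https?://[^\s'\"<>]+")


def scan_comments(source: str) -> List[dict]:
    """Return every comment that mentions a sensitive keyword or a path/URL."""
    findings = []
    for m in COMMENT_RE.finditer(source):
        text = (m.group("html") or m.group("block") or m.group("line") or "").strip()
        hits = [n for n, p in SENSITIVE_PATTERNS.items() if re.search(p, text, re.I)]
        targets = PATH_RE.findall(text) + URL_RE.findall(text)
        if hits or targets:
            findings.append({"comment": text, "keywords": hits, "paths": targets})
    return findings


if __name__ == "__main__":
    for f in scan_comments(SAMPLE_HTML):
        print(f"{f['keywords']} {f['paths']} :: {f['comment']}")
```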
Cookies
In this knowledge base node Netsparker lists all the cookies used by the target website. Cookies can disclose a lot of information about the target website that attackers can use to craft a malicious attack. For example, cookies can store strings such as “admin=false” or “debugging=1”.
From this node security professionals have access to a centralized list of all cookies, so they can analyse them one by one and identify any cookie-related security issues.
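To make the cookie review concrete, here is an added example (mine, not Netsparker's) that parses Set-Cookie headers with Python's standard http.cookies module and flags cookies like the “admin=false” and “debugging=1” cases above, where authorization or debug state is stored on the client, along with missing HttpOnly and Secure attributes. The sample headers and the name/value heuristics are constructed for the example.

```python
import re
from http.cookies import SimpleCookie
from typing import List, Tuple

# Constructed Set-Cookie headers, modelled on the article's examples.
SAMPLE_SET_COOKIES = [
    "admin=false; Path=/",
    "debugging=1; Path=/; HttpOnly",
    "session=c0ffee1234; Path=/; Secure; HttpOnly",
]

# Names that suggest authorization or debug state is kept client-side, and
# values that look like simple on/off flags (my own heuristics, not the tool's).
STATE_NAME_RE = re.compile(r"admin|debug|role|is_?auth|logged|test|priv", re.I)
FLAG_VALUE_RE = re.compile(r"^(true|false|yes|no|on|off|[01])$", re.I)


def review_cookies(set_cookie_headers: List[str]) -> List[Tuple[str, str, List[str]]]:
    """Return (name, value, problems) for each cookie that deserves a closer look."""
    issues = []
    for header in set_cookie_headers:
        jar = SimpleCookie()
        jar.load(header)  # parses name=value plus Path/Secure/HttpOnly attributes
        for name, morsel in jar.items():
            problems = []
            if STATE_NAME_RE.search(name) or FLAG_VALUE_RE.match(morsel.value):
                problems.append("state flag stored client-side (attacker can flip it)")
            if not morsel["httponly"]:
                problems.append("missing HttpOnly")
            if not morsel["secure"]:
                problems.append("missing Secure")
            if problems:
                issues.append((name, morsel.value, problems))
    return issues


if __name__ == "__main__":
    for name, value, problems in review_cookies(SAMPLE_SET_COOKIES):
        print(f"{name}={value}: {', '.join(problems)}")
```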
Web Services
In this knowledge base node Netsparker reports any identified web services running on the target web application and their operations.
CSS Files
In this knowledge base node Netsparker lists all the CSS files used on the target web application. Modern web applications have dynamic CSS files (CSS files that accept input from other sources and variables), hence they can also be an attack vector. Even though Netsparker automatically scans target web applications for potential vulnerabilities in CSS files, such a list is handy, especially when users need to analyze them manually.
Slowest Pages
In this knowledge base node Netsparker reports the average response time of the target web application and lists all the pages with a high response time. Slow pages do not pose a security threat in themselves, but there is a reason why they take longer to load. Typically this is caused by errors in the code or by inefficient logic, so they are still worth knowing about so you can troubleshoot them.
SSL
In this knowledge base node Netsparker lists information about the SSL certificate used on the target website, and the protocols and ciphers supported by the target server. In the last few years there have been a good number of issues with old ciphers and protocols, hence it is good to know what the target web application supports so you can fine-tune the server's configuration.
URL Rewrite
In this knowledge base node Netsparker lists the URL rewrite rules it automatically created when scanning the target website.
Netsparker scanners automatically configure their own URL rewrite rules when scanning a website that uses URL rewriting, so you do not have to configure them manually. Should you need to verify the rules or get a better understanding of the workings and setup of the target web application, you can always check the rules that the scanner configured automatically.
REST API
If the scanner identifies a REST API on the target web application during a scan, Netsparker will automatically crawl and scan the RESTful web service. RESTful web services that are identified automatically are listed under the Knowledge Base node, as per the below screenshot.
Identifying All Web Application Security Threats
As this article highlights, there is much more to web application security than just identifying and remediating exploitable vulnerabilities, and this is where the Netsparker Web Application Security Scanner plays an important role. Web security professionals should take advantage of such tools and use all of the information provided to their advantage.
Netsparker centralizes all this information to help security professionals better understand the target web application and identify any security issues that are not “exploitable vulnerabilities” yet expose information to malicious attackers and lead them to a successful hack attack.