There are two different kinds of web application vulnerability scanners: heuristic and
How Do Signature Based Web Application Security Scanners Work?
Signature based scanners rely on a database of signatures for known vulnerabilities. Therefore, for a scanner to
This means that these scanners need to be updated
This means that signature based web security scanners are more prone to reporting false positives. For example, if a patch is applied manually to a web application without changing the version file, a signature based scanner will still match the old version number and report a false positive. This also means that signature based scanners can only scan known, off-the-shelf web applications such as WordPress, Joomla! and Drupal.
A popular signature based scanner is WPScan, which scans WordPress websites and their plugins and themes for known vulnerabilities. Another popular signature based scanner is Nikto, which scans for server misconfigurations and dangerous files.
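To make the version-matching mechanism and the false-positive case concrete, here is an added example (not WPScan's or Netsparker's code) of a minimal signature check in Python; the signature database, advisory identifiers and readme text are all constructed for illustration.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed signature database (hypothetical, not real advisory data):
# component -> list of (version the bug was fixed in, advisory id).
# A signature matches when the installed version is strictly below the fix.
SIGNATURE_DB: Dict[str, List[Tuple[str, str]]] = {
    "wordpress": [("4.2.2", "EXAMPLE-WP-0001")],
    "plugin:contact-form-7": [("4.1.1", "EXAMPLE-CF7-0002"), ("3.9.0", "EXAMPLE-CF7-0003")],
}

# Constructed plugin readme.txt, as shipped in a WordPress plugin directory.
SAMPLE_README = """=== Contact Form 7 ===
Requires at least: 3.9
Stable tag: 4.1.0
"""


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '4.10.0' into (4, 10, 0) so versions compare numerically.
    Comparing raw strings would wrongly rank '4.10.0' below '4.9.0'."""
    return tuple(int(p) for p in re.findall(r"\d+", text))


def version_from_readme(readme: str) -> Optional[str]:
    """Extract the 'Stable tag:' line that plugin readme.txt files carry.
    This string is all a signature scanner sees: if an operator backports a
    fix without bumping the tag, the scan still matches the old version and
    reports the false positive described above."""
    m = re.search(r"^Stable tag:\s*([\d.]+)", readme, re.MULTILINE | re.IGNORECASE)
    return m.group(1) if m else None


def match_signatures(component: str, version: str) -> List[str]:
    """Return advisory ids whose fix version is newer than the installed one."""
    installed = parse_version(version)
    return [adv for fixed_in, adv in SIGNATURE_DB.get(component, [])
            if installed < parse_version(fixed_in)]


def scan_readme(component: str, readme: str) -> List[str]:
    """Full signature check for one component: read the version, match the DB."""
    version = version_from_readme(readme)
    return match_signatures(component, version) if version else []


if __name__ == "__main__":
    print(scan_readme("plugin:contact-form-7", SAMPLE_README))
```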
How Do Heuristic Web Application Security Scanners Work?
Heuristic web vulnerability scanners do not need a database to detect vulnerabilities. They do not rely on signatures of already discovered security bugs. They are able to determine if a web application is vulnerable by actively probing for vulnerability classes, such as Cross-site Scripting (XSS) and SQL Injection vulnerabilities.
This means that heuristic web vulnerability scanners are able to find 0-day vulnerabilities in a web application, unlike
Netsparker, our dead accurate web application security scanner, is a heuristic scanner.
Examples of 0-day Vulnerability Identified by a Heuristic Web Vulnerability Scanner
As part of our regular testing of the Netsparker web application scanner, we scan an
A few good examples of 0-day issues Netsparker identified are:
- Cross-site Scripting vulnerability in the HESK helpdesk software
- Cross-site Scripting vulnerability in OpenCart
- DOM XSS vulnerability in WordPress Twenty Fifteen default theme
None of the above vulnerabilities was previously known, so a signature based scanner would not have warned the user about them.
Using Both Signature Based & Heuristic Web Vulnerability Scanners
Clearly a heuristic web security scanner can do much more than a signature based scanner in terms of
For example, if you want to scan a WordPress website for known vulnerabilities and security weaknesses, the signature based scanner WPScan will definitely do a very good job and can deliver the scan results very fast. In such cases, a heuristic scanner is overkill. However, to scan a complex custom application for unknown security bugs, you should use a heuristic web application security scanner such as Netsparker.