Current Scanner Overview

This article shows all current vulnerability scanners of the Crashtest Security Suite.

The Crashtest Security Suite can perform scans in two variants:

  • "Quick Scan":
    Runs only non-invasive tests for "live" production versions of your code.
  • "Full Scan":
    Runs all Crashtest Security Suite scanners.
    Recommended only for test or dev systems, because security scanners can decrease performance or affect live data on production systems.

Below is an overview of the scanners used in each of the two variants.
The links in the text go to our Wikipedia, which provides remediation support for these vulnerabilities.

Our "Quick Scan" tests your software against the following security vulnerabilities:

Fingerprinting

  • Server Version Fingerprinting
  • Web Application Version Fingerprinting
  • CVE Comparison of found issues

SSL / TLS Security Vulnerabilities

Portscan

The "Full Scan" provides the full power of the Crashtest Security Suite, including the following security tests:

All "Quick Scan" scanners (see above)

Injection Attacks

  • Boolean-based blind SQL Injection
  • Time-based blind SQL Injection
  • Error-based SQL Injection
  • UNION query-based SQL Injection
  • Stacked queries SQL Injection
  • Out-of-band SQL Injection
  • File Inclusion
  • Command Injection

XML External Entity (XXE) Processing

Cross-site Scripting (XSS)

  • Reflected Cross-site Scripting (XSS)
  • Stored Cross-site Scripting (XSS)

Cross-Site Request Forgery (CSRF)

Deserialization

Fuzzer

  • Directory Fuzzer
  • File Fuzzer
