8. Web Penetration Test

The Web Application Penetration Testing tool follows the OWASP Web Security Testing Guide 4.2 and runs an automated "black-box" penetration scan against web applications.

The tool performs reconnaissance on the target and then executes attack modules to test for:

  • Software Identification
  • Website Configuration
  • SSL Certificate and Configuration
  • SQL and XPath Injections
  • Cross-Site Scripting (XSS)
  • Command Execution detection
  • XXE injection
  • CRLF Injection
  • Bypass of weak htaccess configurations
  • Search for copies (backup) of scripts on the server
  • Shellshock
  • Folder and file enumeration
  • Server-Side Request Forgery (SSRF)
  • Open Redirects
  • CSP and HTTP security headers
  • Checking cookie security flags (Secure and HttpOnly flags)
  • Cross-Site Request Forgery (CSRF) basic detection
  • Detection of subdomain takeover vulnerabilities
  • Log4Shell vulnerability detection (CVE-2021-44228)