
Coverage for OWASP Top 10, PCI DSS 6.5.x and SANS Top 25 Vulnerabilities Detection
Manual verification of vulnerabilities by experts: Limited to 5 requests
Remediation guidance to fix vulnerabilities: Limited to 5 requests
Vulnerability revalidation checks

Risk Protection
Layer 7 protection through Web Application Firewall
Always-on protection through advanced security rules
Platform-specific security rules
Zero-day vulnerability protection
Blacklisting of IPs and countries
Ability to exempt certain URIs and IPs through whitelisting
Data transfer included in the plan: 30 GB/month

DDoS Mitigation
Protection against Layer 3 and Layer 4 volumetric attacks
Protection against Layer 7 DDoS attacks
Reputation checks for client IPs and blacklisting of malicious IPs
Protection of the origin IP address against DDoS attacks
Protection against hot-linking

Bot Mitigation
Check for pretender bots through IP checks
Validation of bot signatures and blocking of bad bots
Captcha challenges to stop malicious bots and protect against DDoS attacks

Risk Monitoring (Partial)
Expert-written custom rules to virtually patch application-specific vulnerabilities: Limited to 2 requests
Automated whitelisting of legitimate search engines and bots
ISO 27001 certified support centre

Whole Site Acceleration
Content optimization
Static content caching
Dynamic content caching
Manual cache purge
Custom cache header

Administration
Zero-downtime onboarding
Highly available and scalable architecture
360° visibility into the application security posture through the unified AppTrana portal
Support for WAF integration with third-party CDNs
No hardware, software or tuning required
Support through email, chat and phone

AppTrana's cloud-based scanning tests for hundreds of security flaws, including the
OWASP Top 10 and SANS Top 25 vulnerabilities. Alongside the automated scanner's
razor-sharp focus on finding vulnerabilities, the security reports are analysed by
trained security experts to help you understand the business impact of the security
loopholes within the web application.

In your fight against cyber criminals, OWASP's Top 10 vulnerabilities list is an
ideal place to start securing the business website. The following checklist lists,
for each of the Top 10 Web Application Security Risks, the tests recommended by
OWASP and their detection coverage under AppTrana scanning.

Overview of tests performed during the scan (Tests Recommended by OWASP / Covered by AppTrana):

A1 Injection
Tests Recommended by OWASP:
  Test for SQL Injection
  Test for LDAP Injection
  Test for XPath Injection
  Test for Code Injection
  Test for Command Injection

A2 Weak Authentication and Session Management
Tests Recommended by OWASP:
  Test for Credentials Transported over an Encrypted Channel
  Test for Cookie Attributes
  Test for Exposed Session Variables

A3 Cross-Site Scripting
Tests Recommended by OWASP:
  Test for Reflected Cross-Site Scripting
  Test for Stored Cross-Site Scripting
  Test for DOM-based Cross-Site Scripting
  Test for JavaScript Execution
  Test for Cross-Site Flashing
  XSS Filter Evasion Cheat Sheet

A4 Broken Access Control
Tests Recommended by OWASP:
  Test for Directory Traversal/File Include
  Test for Insecure Direct Object References
  Test for Local File Inclusion

A5 Security Misconfiguration
Tests Recommended by OWASP:
  Fingerprint Web Server
  Fingerprint Web Application Framework
  Fingerprint Web Application
  Enumerate Infrastructure and Application Admin Interfaces
  Test HTTP Methods
  Test RIA Cross-Domain Policy
  Test for Error Codes
  Test for Stack Traces

A6 Sensitive Data Exposure
Tests Recommended by OWASP:
  Test for Weak SSL/TLS Ciphers, Insufficient Transport Layer Protection
  Test for Padding Oracle
  Test for Sensitive Information Sent via Unencrypted Channels
  Test for Credentials Transported over an Encrypted Channel

A7 Insufficient Attack Protection
Tests Recommended by OWASP:
  Validation is done via attack vectors to verify whether the application server
  has deployed any WAF/IPS/IDS
Covered by AppTrana: Not Applicable

A8 Cross-Site Request Forgery
Tests Recommended by OWASP:
  Test for CSRF
Covered by AppTrana: AppTrana Manual Testing

A9 Using Components with Unknown Vulnerabilities
Tests Recommended by OWASP:
  Enumerate Applications on Web Server
Covered by AppTrana: AppTrana Manual Testing

A10 Underprotected APIs
Tests Recommended by OWASP:
  Enumerate Applications on Web Server
Covered by AppTrana: AppTrana Manual Testing


Start securing your website today

14 days Free, No Credit Card Required


Copyright ©2020 Indusface, All rights reserved.