Difference between revisions of "OWASP Joomla Vulnerability Scanner How it works"

From OWASP
Jump to: navigation, search
(Created page with '== How does the scanner work ?== 1. First HEAD Check if a vulnerable resource exists rather than GET request and search vulnerable string This speeds up the process. It is good …')
 
(How does the scanner work ?)
Line 3: Line 3:
 
1. First HEAD Check if a vulnerable resource exists rather than GET request and search vulnerable string
 
1. First HEAD Check if a vulnerable resource exists rather than GET request and search vulnerable string
 
This speeds up the process. It is good to minimize IDS alert as it doesn't send GET storm attack strings Request.
 
This speeds up the process. It is good to minimize IDS alert as it doesn't send GET storm attack strings Request.
 +
 
2. Only if the resource exists, then it checks if the vulnerability exists with sample exploit string.
 
2. Only if the resource exists, then it checks if the vulnerability exists with sample exploit string.
 +
 
3. If the exploit string is not available, it works out the vulnerability state with version deduced.  
 
3. If the exploit string is not available, it works out the vulnerability state with version deduced.  
  
 
[[Category:OWASP_Joomla_Vulnerability_Scanner_Project]]
 
[[Category:OWASP_Joomla_Vulnerability_Scanner_Project]]

Revision as of 13:56, 15 July 2009

How does the scanner work ?

1. First HEAD Check if a vulnerable resource exists rather than GET request and search vulnerable string This speeds up the process. It is good to minimize IDS alert as it doesn't send GET storm attack strings Request.

2. Only if the resource exists, then it checks if the vulnerability exists with sample exploit string.

3. If the exploit string is not available, it works out the vulnerability state with version deduced.