OWASP Joomla Vulnerability Scanner Limitations

From OWASP
Revision as of 12:58, 15 July 2009 by D0ubl3 h3lix (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Limitations on Current Release

  • The vulnerability database still lacks of unknown exploit checks. If the exploit check is not available, the scanner verify based on deduced version. If deduced version is not available, it then cannot verify the vulnerability
  • The Scanner lacks IDS evasion bypass
  • The Scanner lacks sophisticated fuzzing
  • The Scanner is not a full fledged SQL Injection tool