Web Scan Profiles
Ostorlab offers specialized scan profiles designed to assess the security of your web applications and APIs. These profiles utilize advanced techniques to uncover vulnerabilities, configuration weaknesses, and potential data exposures.
Web App Scan
The Web App Scan profile provides a comprehensive security assessment for your web applications. It simulates user interactions and attacker techniques to identify vulnerabilities in the application's frontend, backend, and supporting infrastructure.
Overview and Capabilities
- Application Discovery and Mapping:
  - Automatically explores the web application by navigating pages, following links, and submitting forms.
  - Identifies the structure of the application, including discovered pages, resources, and interactive elements.
- Technology Identification:
  - Identifies the technologies used to build and run the web application, such as programming languages, frameworks, web servers, and content management systems.
- Dynamic Security Testing:
  - Actively tests the application for common web vulnerabilities.
  - Identifies client-side vulnerabilities like Cross-Site Scripting (XSS).
  - Checks backend systems for weaknesses such as SQL Injection, Command Injection, and insecure server configurations.
  - Attempts to bypass security controls and access restricted areas or functionalities.
- Server and Infrastructure Analysis:
  - Scans the web server and associated infrastructure for thousands of known vulnerabilities (CVEs) and common misconfigurations.
  - Checks the security of the web server's SSL/TLS encryption setup, looking for weak protocols, certificate issues, and configuration flaws.
  - Evaluates server security settings against recognized industry best practices.
- Sensitive Data Exposure Checks:
  - Scans the application and its accessible resources for accidentally exposed sensitive information, such as API keys, passwords, or private credentials.
- Third-Party Component Analysis:
  - Identifies third-party libraries and software components used within the application.
  - Checks these components against databases of known vulnerabilities to detect risks inherited from external dependencies.
- Domain and Infrastructure Security Checks:
  - Analyzes domain name system (DNS) settings for potential security misconfigurations.
  - Checks subdomains for risks, such as potential takeovers.
  - Assesses the reputation of the domain and associated IP addresses using security intelligence sources.
This profile delivers an in-depth security assessment of a specific web application. It combines automated interaction and mapping, dynamic testing against common web vulnerabilities (like XSS and SQL Injection), analysis of server configurations, and checks for vulnerable dependencies to provide a comprehensive view of the application's security posture.
Web API Scan
The Web API Scan profile is specifically tailored for testing the security of Application Programming Interfaces (APIs), the interfaces (e.g., REST and GraphQL APIs) that applications use to communicate and exchange data. It focuses on vulnerabilities unique to API implementations, their authentication and authorization, and the backend systems powering them.
Overview and Capabilities
- API Endpoint Discovery and Analysis:
  - Automatically discovers API endpoints by analyzing common API definition files (like OpenAPI/Swagger, WSDL) and exploring potential API paths.
  - Performs specialized analysis for GraphQL APIs to identify common security issues related to schema exposure, query complexity, and access control.
- API Vulnerability Testing:
  - Tests for common API vulnerabilities, including insecure data handling, authentication flaws, authorization bypasses, injection attacks (e.g., SQL Injection), error handling issues, and other security weaknesses.
- Server and Infrastructure Analysis:
  - Scans the servers hosting the API and related infrastructure for known vulnerabilities (CVEs) and common misconfigurations.
  - Checks the security of the API endpoints' SSL/TLS encryption setup for weaknesses and configuration errors.
- Sensitive Data Exposure Checks:
  - Analyzes API responses and related resources for inadvertently exposed sensitive information like API keys, internal system details, or user data.
- Third-Party Component Analysis:
  - Identifies third-party libraries and software components used within the API implementation or its environment.
  - Checks these components against databases of known vulnerabilities.
- Domain and Infrastructure Security Checks:
  - Analyzes domain name system (DNS) settings for the API's domain for potential security misconfigurations.
  - Checks subdomains associated with the API for risks, such as potential takeovers.
  - Assesses the reputation of the domain and associated IP addresses used by the API using security intelligence sources.
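To illustrate the endpoint-discovery step above, here is an added example (not Ostorlab's scanner code) that enumerates the operations in an OpenAPI 3 document and flags those whose effective security requirement is empty, the first thing an API authorization review looks at. The OpenAPI document is constructed for the example; the `bearerAuth` scheme name and the paths in it are made up.

```python
"""Enumerate endpoints from an OpenAPI 3 document and flag those that
declare no authentication requirement. Added example, not Ostorlab's own
code; the spec below is constructed for illustration."""
import json

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample spec: a global bearer-token requirement, one endpoint
# that explicitly opts out, and one that inherits the global requirement.
SAMPLE_SPEC = json.dumps({
    "openapi": "3.0.3",
    "security": [{"bearerAuth": []}],
    "paths": {
        "/users/{id}": {
            "get": {"summary": "Fetch a user"},
            "delete": {"summary": "Remove a user", "security": [{"bearerAuth": []}]},
        },
        "/health": {"get": {"summary": "Liveness probe", "security": []}},
        "/admin/export": {"post": {"summary": "Dump all records", "security": []}},
    },
})


def discover_endpoints(spec_text):
    """Return (METHOD, path, effective_security) for every operation.

    Per the OpenAPI specification, an operation-level `security` list
    replaces the document-level one, and an explicit empty list means the
    operation requires no authentication at all."""
    spec = json.loads(spec_text)
    global_security = spec.get("security", [])
    endpoints = []
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method.lower() not in HTTP_METHODS:
                continue  # skip non-operation keys such as parameters/summary
            effective = op.get("security", global_security)
            endpoints.append((method.upper(), path, effective))
    return endpoints


def unauthenticated_endpoints(spec_text):
    """Endpoints reachable without credentials; each is a candidate for an
    authorization review (a liveness probe may be fine, a data export is not)."""
    return [(m, p) for m, p, sec in discover_endpoints(spec_text) if not sec]


if __name__ == "__main__":
    for method, path, sec in discover_endpoints(SAMPLE_SPEC):
        print(f"{method:7}{path:20} auth={'none' if not sec else list(sec[0])}")
    print("review:", unauthenticated_endpoints(SAMPLE_SPEC))
```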
This profile provides targeted security testing specifically for APIs (REST, GraphQL, etc.). It focuses on discovering API endpoints, testing for common API vulnerabilities like authentication/authorization issues and injection flaws, analyzing supporting infrastructure, and checking for data exposure unique to API interactions.