Can you scan for cyber-vulnerabilities with your spider?

Use and application of eValid's site analysis (site scanning) features.

Can you scan for cyber-vulnerabilities with your spider?

Postby Haydene » Mon Jul 22, 2013 1:34 pm

Can you scan for cyber-vulnerabilities with your spider?
Haydene
 
Posts: 1
Joined: Mon Jul 22, 2013 1:31 pm

Re: Can you scan for cyber-vulnerabilities with your spider?

Postby eValid » Sun Jul 28, 2013 4:58 pm

Yes, the spider can scan for vulnerability provided you know the patterns that you're looking for.

The regular site analysis scanner can look at every page at/below a starting page and search the complete HTML of each page for matches against a user-specified regular expression. The seach can even include some parts of the page that are not necessarily visible, but may contain a hidden exploitable pattern.

In practical terms this application of eValid breaks down into two parts: (1) setting up the scan and making the run, and (2) analyzing the output of the string filter report to decide if what the scanner found was important.

Remember, eValid is acting as the engine to do the pattern match searching...but you as a user have to decide if what eValid has found represents an actual vulnerability. It's easy to get lost in the volume of data that is extracted from a website, so we generally recommend to do scans of 1,000 pages or fewer. Also, we recommend to have the most precise regular expression you can devise as the search pattern. Doing this will reduce the output volume but won't miss anything.

eValid Support
eValid
 
Posts: 2431
Joined: Tue Jan 01, 2008 12:48 pm
Location: USA


Return to Website Scanning and Analysis

Design Downloaded from free phpBB templates | free website templates | Free Web Buttons