Appscan is a professional vulnerability scanning and security assessment tool, primarily used to help businesses evaluate and discover security vulnerabilities and risks in their websites and applications. Its broad feature set has made it a preferred tool for many organizations and security professionals.
The main functions of Appscan are vulnerability scanning, security auditing, and risk assessment. It can automatically scan websites and applications and detect common security vulnerabilities such as cross-site scripting (XSS), SQL injection, and cross-site request forgery (CSRF). In addition, Appscan provides advanced vulnerability detection and customization options, allowing users to conduct in-depth security testing and evaluation according to their own needs.
Appscan also produces visual vulnerability reports with recommended remediation measures, helping users fully understand the security status of their websites and applications. It supports collaboration between development and security teams to facilitate rapid vulnerability fixes and the implementation of security measures.
Appscan is widely used in various industries, including finance, e-commerce, healthcare, government agencies, and more. It helps businesses protect their websites and applications from hackers and malicious attacks, enhance overall network security, and protect users' privacy information.
Main functional indicators of Appscan:
1. Provide a comprehensive vulnerability rule library that covers the mainstream attack techniques and methods defined by the two major web security standards organizations, WASC and OWASP, including but not limited to: Brute Force, Insufficient Authentication, Credential/Session Prediction, Insufficient Authorization, Insufficient Session Expiration, Session Fixation, Content Spoofing, Cross-site Scripting, Buffer Overflow, Format String Attack, LDAP Injection, OS Commanding, SQL Injection, SSI Injection, XPath Injection, Directory Indexing, Information Leakage, Path Traversal, Predictable Resource Location, Abuse of Functionality, Denial of Service, and Insufficient Process Validation. Among these attack techniques, it can detect at least 20 variants of cross-site scripting and at least 40 variants of SQL injection;
2. Support online and manual upgrading of scanning rule libraries, custom rules, as well as importing and exporting rules;
3. Support web application technologies such as JavaScript, HTTPS, and authentication to ensure complete discovery of URLs;
4. Support discovering URLs from Flash, PDF, Office and other types of documents and conducting security testing;
5. Ability to test sequential business logic, such as opening new accounts and making online purchases;
6. Support scanning for security vulnerabilities in web service application systems and come with built-in web service discovery tools;
7. Support common web authentication methods (forms, captcha, SAML, etc.);
8. Support HTML crawlers and SSL;
9. Support users editing reports, adding custom comments or detailed information, and assisting development and quality management personnel in fixing security vulnerabilities;
10. Support "glass box" scanning technology, which not only receives scanning responses from applications, but also monitors internal responses of web servers;
11. Support vulnerability scanning for web applications suitable for mobile browser client browsing, which can simulate at least the following types of mobile device browsers: Chrome, Opera, Safari, Google Android, Blackberry, IE Mobile.