AppCheck Security Assessment



AppCheck includes two distinct scanning engines designed to test Web Applications and computer systems for vulnerabilities.

Application Scanning

For each URL configured with the scan, AppCheck performs online reconnaissance to gather information pertaining to the site that is publicly available in search engines and other online indexing services.

Next, AppCheck will map out the application using a sophisticated crawling engine. The crawler combines traditional web scraping with a browser-based crawler which implements artificial intelligence to mimic typical application user behaviour.

The “Mapped Attack Surface” enumerated during the initial phases of the scan is then subjected to methodical security testing. Typically, the assessment process takes each user-supplied data component, such as a form field or query string parameter, and modifies it to include a specific test case before submitting it to the server. Based on the application's response, further test cases are then submitted through the same method to confirm the vulnerability.

Common vulnerabilities detected during the web application scan include injection flaws such as SQL, NoSQL, XML, code, and command injection, Cross-Site Scripting, and hundreds of other vulnerability classes arising from insecure code.

Infrastructure & Platform Scanning

In this context, infrastructure includes all components that are not covered within the application scanning phase. The infrastructure scan begins by port scanning each host to identify accessible services. Each service is then probed for vulnerabilities such as missing security patches, configuration weaknesses and information disclosure vulnerabilities.

Common vulnerabilities detected during the infrastructure scanning phase include missing operating system patches, weak administrative passwords and access control vulnerabilities.

If the target system is hosted within Amazon Web Services, Google Cloud or Azure, specific configuration assessment modules are launched to identify common configuration weaknesses.


Vanix (part of the Ampito Group), a network, infrastructure and security business, is an AppCheck partner. Vanix designs, builds and manages integrated networks to leverage investment and drive client profitability. Combining innovation with reliability, our solutions are scalable with businesses' evolving needs.

20th October 2021