Author Topic: What Vulnerabilities are covered  (Read 8642 times)

askeans
« on: June 23, 2009, 12:42:50 PM »
Hello

What Vulnerabilities are covered by the HackerGuardian scan? I have used the HackerGuardian for over a year but have just had a security review. They have informed me that HackerGuardian is not suitable. Does anyone know if there is a list of the 24,000 vulnerabilities that are covered?

I have been asked to prove if HackerGuardian covers the following 'and more'. Does anyone know if the following is covered and have any links or documentation to prove it?

• Manipulating URL parameters
• Using URL to jump to pages out of sequence
• Common CGI vulnerabilities
• Manipulating hidden fields
• Looking for obvious backdoors
• Checking the use of cookies and ensuring they are always encrypted when containing sensitive data
• Checking for sensitive data in permanent cookies
• Injecting commands into Web components
• Cross site scripting & client-side scripting issues
• Corrupting JavaScript to allow erroneous or oversized data
• Ensuring server side checks are in place
• Ensuring session management is secure: non-predictable sessions, non-reusable sessions, session idle timers, and session disclosure
• Ensure passwords cannot be retrieved from cache or sessions restarted by use of history or back buttons for example.
• Checking password auto-completion is disabled
• Ensuring pages with confidential information are not cached by standard browsers
• Ensuring that only strong encryption is permitted over SSL
• Probing for SQL weaknesses
