WhiteHat DAST Vulnerability Classes

WhiteHat Sentinel Dynamic Premium Edition (PE)

WhiteHat Sentinel PE includes testing for both technical and business logic vulnerabilities. WhiteHat’s Threat Research Center (TRC) performs custom testing to identify business logic flaws. WhiteHat’s TRC engineers, who uncover these types of vulnerabilities, are technical experts capable of understanding account structures, contextual logic, and similar characteristics of web applications.

Technical - WhiteHat Vulnerability Classes PE

Application Code Execution

Application Misconfiguration

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Clickjacking

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insecure Indexing

Insufficient Anti-automation

Insufficient Authentication

Insufficient Authorization

Insufficient Password Policy Implementation

Insufficient Password Recovery

Insufficient Process Validation

Insufficient Session Expiration

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

Non-HttpOnly Session Cookie

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Query Language Injection

Remote File Inclusion

Routing Detour

Server Misconfiguration

Session Fixation

Session Prediction

SQL Injection

SSI Injection

Unsecured Session Cookie

URL Redirector Abuse

XML External Entities

XML Injection

XPath Injection

XQuery Injection

Technical Vulnerabilities Covered by PE - OWASP 2017 Top 10

OWASP ID    Vulnerability
A1          Injection
A2          Broken Authentication
A3          Sensitive Data Exposure
A4          XML External Entities (XXE)
A5          Broken Access Control
A6          Security Misconfiguration
A7          Cross-Site Scripting (XSS)
A8          Insecure Deserialization
A9          Using Components with Known Vulnerabilities

Business Logic Flaws - WhiteHat Vulnerability Classes

Abuse of Functionality

Insecure Indexing

Insufficient Process Validation

Brute Force

Insufficient Anti-Automation

Insufficient Session Expiration

Credential/Session Prediction

Insufficient Authentication

Session Fixation

Cross-Site Request Forgery

Insufficient Authorization

Denial of Service

Insufficient Password Recovery

WhiteHat Sentinel Dynamic Standard Edition (SE)

WhiteHat Sentinel SE tests for the following technical vulnerabilities; it does not test for business logic flaws.

Technical - WhiteHat Vulnerability Classes SE

Abuse of Functionality

Application Misconfiguration

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insufficient Authentication

Insufficient Authorization

Insufficient Process Validation

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Remote File Inclusion

Server Misconfiguration

SQL Injection

SSI Injection

URL Redirector Abuse

XML External Entities

XML Injection

XPath Injection

XQuery Injection

Technical Vulnerabilities Covered by SE - OWASP 2017 Top 10

OWASP ID    Vulnerability
A1          Injection
A2          Broken Authentication
A3          Sensitive Data Exposure
A5          Broken Access Control
A6          Security Misconfiguration
A7          Cross-Site Scripting (XSS)
A9          Using Components with Known Vulnerabilities

WhiteHat Sentinel Dynamic Basic Edition (BE)

WhiteHat Sentinel BE tests for the following technical vulnerabilities; it does not test for business logic flaws.

Technical - WhiteHat Vulnerability Classes BE

Abuse of Functionality

Application Code Execution

Autocomplete Attribute

Brute Force

Buffer Overflow

Cacheable Sensitive Response

Content Spoofing

Cross Site Request Forgery

Cross Site Scripting

Denial of Service

Directory Indexing

Fingerprinting

Frameable Resource

HTTP Response Splitting

Improper Input Handling

Information Leakage

Insufficient Authentication

Insufficient Authorization

Insufficient Process Validation

Insufficient Transport Layer Protection

LDAP Injection

Mail Command Injection

Missing Secure Headers

OS Command Injection

OS Commanding

Path Traversal

Predictable Resource Location

Remote File Inclusion

Server Misconfiguration

SQL Injection

SSI Injection

URL Redirector Abuse

XML External Entities

XML Injection

XPath Injection

XQuery Injection

Technical Vulnerabilities Covered by BE - OWASP 2017 Top 10

OWASP ID    Vulnerability
A1          Injection
A2          Broken Authentication
A3          Sensitive Data Exposure
A5          Broken Access Control
A6          Security Misconfiguration
A7          Cross-Site Scripting (XSS)
A9          Using Components with Known Vulnerabilities