WhiteHat DAST Vulnerability Classes
WhiteHat Sentinel Dynamic Premium Edition (PE)
WhiteHat Sentinel PE includes testing for both technical and business logic vulnerabilities. WhiteHat’s Threat Research Center (TRC) performs custom testing to identify business logic flaws. WhiteHat’s TRC engineers, who uncover these types of vulnerabilities, are technical experts capable of understanding account structures, contextual logic, and similar characteristics of web applications.
Technical - WhiteHat Vulnerability Classes PE | ||
---|---|---|
Application Code Execution |
Application Misconfiguration |
Autocomplete Attribute |
Brute Force |
Buffer Overflow |
Cacheable Sensitive Response |
Clickjacking |
Content Spoofing |
Cross Site Request Forgery |
Cross Site Scripting |
Denial of Service |
Directory Indexing |
Fingerprinting |
Frameable Resource |
HTTP Response Splitting |
Improper Input Handling |
Information Leakage |
Insecure Indexing |
Insufficient Anti-automation |
Insufficient Authentication |
Insufficient Authorization |
Insufficient Password Policy Implementation |
Insufficient Password Recovery |
Insufficient Process Validation |
Insufficient Session Expiration |
Insufficient Transport Layer Protection |
LDAP Injection |
Mail Command Injection |
Missing Secure Headers |
Non-HttpOnly Session Cookie |
OS Command Injection |
OS Commanding |
Path Traversal |
Predictable Resource Location |
Query Language Injection |
Remote File Inclusion |
Routing Detour |
Server Misconfiguration |
Session Fixation |
Session Prediction |
SQL Injection |
SSI Injection |
Unsecured Session Cookie |
URL Redirector Abuse |
XML External Entities |
XML Injection |
XPath Injection |
XQuery Injection |
Technical Vulnerabilities Covered by PE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description |
A01 | Broken Access Control |
A02 | Cryptographic Failures |
A03 | Injection |
A04 | Insecure Design |
A05 | Security Misconfiguration |
A06 | Vulnerable and Outdated Components |
A07 | Identification and Authentication Failures |
A08 | Software and Data Integrity Failures |
Business Logic Flaws - WhiteHat Vulnerability Classes | ||
---|---|---|
Abuse of Functionality | Insecure Indexing | Insufficient Process Validation |
Brute Force | Insufficient Anti-Automation | Insufficient Session Expiration |
Credential/Session Prediction | Insufficient Authentication | Session Fixation |
Cross-Site Request Forgery | Insufficient Authorization | |
Denial of Service | Insufficient Password Recovery | |
WhiteHat Sentinel Dynamic Standard Edition (SE)
WhiteHat Sentinel SE tests for the following technical vulnerabilities; it does not test for business logic flaws.
Technical - WhiteHat Vulnerability Classes SE | ||
---|---|---|
Abuse of Functionality |
Application Misconfiguration |
Autocomplete Attribute |
Brute Force |
Buffer Overflow |
Cacheable Sensitive Response |
Content Spoofing |
Cross Site Request Forgery |
Cross Site Scripting |
Denial of Service |
Directory Indexing |
Fingerprinting |
Frameable Resource |
HTTP Response Splitting |
Improper Input Handling |
Information Leakage |
Insufficient Authentication |
Insufficient Authorization |
Insufficient Process Validation |
Insufficient Transport Layer Protection |
LDAP Injection |
Mail Command Injection |
Missing Secure Headers |
OS Command Injection |
OS Commanding |
Path Traversal |
Predictable Resource Location |
Remote File Inclusion |
Server Misconfiguration |
SQL Injection |
SSI Injection |
URL Redirector Abuse |
XML External Entities |
XML Injection |
XPath Injection |
XQuery Injection |
Technical Vulnerabilities Covered by SE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description |
A01 | Broken Access Control |
A02 | Cryptographic Failures |
A03 | Injection |
A04 | Insecure Design |
A05 | Security Misconfiguration |
A06 | Vulnerable and Outdated Components |
A07 | Identification and Authentication Failures |
WhiteHat Sentinel Dynamic Basic Edition (BE)
WhiteHat Sentinel BE tests for the following technical vulnerabilities; it does not test for business logic flaws.
Technical - WhiteHat Vulnerability Classes BE | ||
---|---|---|
Abuse of Functionality |
Application Code Execution |
Autocomplete Attribute |
Brute Force |
Buffer Overflow |
Cacheable Sensitive Response |
Content Spoofing |
Cross Site Request Forgery |
Cross Site Scripting |
Denial of Service |
Directory Indexing |
Fingerprinting |
Frameable Resource |
HTTP Response Splitting |
Improper Input Handling |
Information Leakage |
Insufficient Authentication |
Insufficient Authorization |
Insufficient Process Validation |
Insufficient Transport Layer Protection |
LDAP Injection |
Mail Command Injection |
Missing Secure Headers |
OS Command Injection |
OS Commanding |
Path Traversal |
Predictable Resource Location |
Remote File Inclusion |
Server Misconfiguration |
SQL Injection |
SSI Injection |
URL Redirector Abuse |
XML External Entities |
XML Injection |
XPath Injection |
XQuery Injection |
Technical Vulnerabilities Covered by BE - OWASP 2021 Top 10 | |
---|---|
Vulnerabilities | Description |
A01 | Broken Access Control |
A02 | Cryptographic Failures |
A03 | Injection |
A04 | Insecure Design |
A05 | Security Misconfiguration |
A06 | Vulnerable and Outdated Components |
A07 | Identification and Authentication Failures |