OWASP Automated Threats

Crawling and fuzzing an application to identify weaknesses and possible vulnerabilities.

What is Vulnerability Scanning?

Systematic enumeration and examination of identifiable, guessable and unknown content locations, paths, file names, parameters, in order to find weaknesses and points where a security vulnerability might exist. Vulnerability Scanning includes both malicious scanning and friendly scanning by an authorized vulnerability scanning engine. It differs from OAT-011 Scraping in that its aim is to identify potential vulnerabilities.

The exploitation of individual vulnerabilities is not included in the scope of this ontology, but this process of scanning, along with OAT-018 Footprinting, OAT-004 Fingerprinting and OAT-011 Scraping often form part of application penetration testing.

Vulnerability Scanning is also known by terms such as active/passive scanning, application-specific vulnerability discovery, identifying vulnerable content management systems (CMS) and CMS components, known vulnerability scanning, malicious crawling and vulnerability reconnaissance.


The symptoms of Vulnerability Scanning

  1. Highly elevated occurrence of errors (e.g. HTTP status code 404 Not Found, data validation failures, authorization failures)
  2. Extremely high application usage from a single IP address
  3. Exotic value for the HTTP User-Agent header
  4. High ratio of GET/POST to HEAD requests for a user/session/IP address compared to typical users
  5. Low ratio of static to dynamic content requests for a user/session/IP address compared to typical users
  6. Multiple misuse attempts against application entry points
  7. Parameter/header fuzzing
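The symptoms above are all observable in ordinary web-server access logs. The following is an added example (not OWASP's or InfiSecure's code) that scores each source IP in a combined-format log against those symptoms; the log lines are constructed, and every threshold and the user-agent/payload patterns are assumptions that should be replaced with baselines measured from your own "typical user" traffic.

```python
"""Score access-log traffic per source IP against the Vulnerability Scanning symptoms above.

Added example (not InfiSecure or OWASP code). Log lines are constructed; all
thresholds and the user-agent/payload patterns are assumptions to tune per site.
"""
import re
from collections import defaultdict
from statistics import median
from urllib.parse import parse_qsl, urlsplit

# Apache/nginx "combined" log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)
STATIC_EXT = (".css", ".js", ".png", ".jpg", ".gif", ".ico", ".svg", ".woff", ".woff2")
# Heuristic scanner/tool tokens (assumed list); honest API clients will also match, so treat as one signal.
SCANNER_UA_RE = re.compile(r"sqlmap|nikto|nmap|zaproxy|dirbuster|gobuster|ffuf|wfuzz|python-requests|curl/", re.I)
# Characters and fragments typical of injection / traversal / template probes (assumed list).
PAYLOAD_RE = re.compile(r"""['"<>;`|]|\.\./|\{\{|\$\{""")

# Thresholds: assumptions, not vendor defaults. Derive "typical user" values from your own baseline.
MIN_REQUESTS = 5                                      # too little traffic to judge below this
ERROR_RATE = 0.30                                     # share of 4xx/5xx responses (symptom 1)
VOLUME_MULTIPLIER = 2.0                               # requests vs. the median source (symptom 2)
HEAD_SHARE_TYPICAL, HEAD_SHARE_TOLERANCE = 0.02, 0.05 # GET/POST vs HEAD mix (symptom 4)
STATIC_SHARE_MIN = 0.20                               # static vs dynamic mix (symptom 5)
ENUMERATED_404_PATHS = 5                              # distinct missing paths probed (symptom 6)
DISTINCT_VALUES_PER_PARAM = 3                         # same parameter, many values (symptom 7)


def parse(lines):
    """Yield parsed records; silently skip lines that do not match the format."""
    for line in lines:
        m = LOG_RE.match(line.strip())
        if m:
            yield m.groupdict()


def is_static(path):
    return path.lower().endswith(STATIC_EXT)


def symptoms_for(recs, median_volume):
    """Return the symptom names that one source's requests exhibit."""
    n = len(recs)
    flags = []
    if sum(r["status"][0] in "45" for r in recs) / n >= ERROR_RATE:
        flags.append("elevated_errors")
    if n >= VOLUME_MULTIPLIER * median_volume:
        flags.append("high_volume")
    if any(not r["ua"].startswith("Mozilla/") or SCANNER_UA_RE.search(r["ua"]) for r in recs):
        flags.append("exotic_user_agent")
    # Browsers send almost no HEAD; a scanner skews the GET/POST:HEAD mix away from the baseline.
    head_share = sum(r["method"] == "HEAD" for r in recs) / n
    if abs(head_share - HEAD_SHARE_TYPICAL) > HEAD_SHARE_TOLERANCE:
        flags.append("atypical_head_share")
    paths = [urlsplit(r["target"]).path for r in recs]
    if sum(map(is_static, paths)) / n < STATIC_SHARE_MIN:
        flags.append("low_static_share")
    missing = {p for p, r in zip(paths, recs) if r["status"] == "404"}
    if len(missing) >= ENUMERATED_404_PATHS:
        flags.append("content_enumeration")
    values, payloads = defaultdict(set), 0
    for r in recs:
        for name, value in parse_qsl(urlsplit(r["target"]).query, keep_blank_values=True):
            values[name].add(value)
            payloads += bool(PAYLOAD_RE.search(value))
    if payloads or any(len(v) >= DISTINCT_VALUES_PER_PARAM for v in values.values()):
        flags.append("parameter_fuzzing")
    return flags


def score_sources(lines):
    """Map each source IP with enough traffic to the list of symptoms it shows."""
    by_ip = defaultdict(list)
    for rec in parse(lines):
        by_ip[rec["ip"]].append(rec)
    med = median(len(v) for v in by_ip.values()) if by_ip else 0
    return {ip: symptoms_for(recs, med) for ip, recs in by_ip.items() if len(recs) >= MIN_REQUESTS}


def likely_scanners(lines, min_symptoms=3):
    """IPs showing at least min_symptoms of the seven, sorted for stable output."""
    return sorted(ip for ip, flags in score_sources(lines).items() if len(flags) >= min_symptoms)


def _line(ip, method, target, status, ua):
    """Build one combined-log-format line (constructed sample data, not a real log)."""
    return f'{ip} - - [10/Oct/2023:13:55:36 +0000] "{method} {target} HTTP/1.1" {status} 512 "-" "{ua}"'


BROWSER = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/118.0"
SCANNER = "python-requests/2.31.0"
SAMPLE_LOG = (
    # 203.0.113.7: probes guessable paths, fuzzes q= and pass=, sends HEAD, never fetches static assets
    [_line("203.0.113.7", "GET", p, 404, SCANNER) for p in (
        "/admin/", "/administrator/", "/phpmyadmin/", "/.git/config", "/.env",
        "/backup.zip", "/wp-login.php", "/config.php.bak", "/sitemap.xml")]
    + [_line("203.0.113.7", "HEAD", "/robots.txt", 200, SCANNER),
       _line("203.0.113.7", "HEAD", "/server-status", 404, SCANNER)]
    + [_line("203.0.113.7", "GET", t, s, SCANNER) for t, s in (
        ("/search?q=%27%20OR%201%3D1--", 500), ("/search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E", 200),
        ("/search?q=..%2F..%2Fetc%2Fpasswd", 403), ("/search?q=%7B%7B7*7%7D%7D", 200),
        ("/login?user=admin&pass=admin", 401), ("/login?user=admin&pass=password", 401),
        ("/login?user=admin&pass=123456", 401), ("/login?user=root&pass=toor", 401))]
    # 198.51.100.23 / .24: ordinary browsing, mostly static assets, one honest 404
    + [_line("198.51.100.23", "GET", p, 200, BROWSER) for p in (
        "/", "/static/app.css", "/static/app.js", "/static/logo.png", "/favicon.ico",
        "/search?q=shoes", "/products/42", "/cart")]
    + [_line("198.51.100.24", "GET", p, s, BROWSER) for p, s in (
        ("/", 200), ("/static/app.css", 200), ("/static/app.js", 200), ("/favicon.ico", 200),
        ("/products/7", 200), ("/products/999", 404))]
)

if __name__ == "__main__":
    for ip, flags in score_sources(SAMPLE_LOG).items():
        print(ip, flags)
    print("likely scanners:", likely_scanners(SAMPLE_LOG))
```

On the constructed log the scanning source trips all seven symptoms while both browsing sources trip none; in production, require several symptoms to coincide (the `min_symptoms` argument) before acting, because any single one, such as an unusual User-Agent or a burst of 404s after a site restructure, is common in benign traffic.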


Sectors targeted by Vulnerability Scanning

  • Education
  • Entertainment
  • Financial
  • Government
  • Health
  • Retail
  • Technology
  • Social Networking


Can InfiSecure prevent Vulnerability Scanning?

InfiSecure’s bot mitigation solution stops vulnerability scanning by identifying and blocking the bad bots that perform it. It can also limit the number of input validation and/or authorization failures permitted per session, user, IP address, device or fingerprint, so that a scanner is cut off after a bounded number of failed probes.
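The failure-limiting control described above can be expressed as a sliding-window counter charged against every identity dimension of a request at once. The following is an added example, not InfiSecure's implementation: `FailureLimiter`, `request_keys` and `handle` are illustrative names, the limits are assumptions, and the traffic is constructed. It also shows why keying on more than the IP matters: a scanner that rotates source addresses but keeps one session cookie still exhausts its session budget.

```python
"""Limit input-validation / authorization failures per session, user, IP, device or fingerprint.

Added example (not InfiSecure code): a sliding-window failure counter with a block
cool-down, charged against every identity key a request carries. Limits are assumptions.
"""
import time
from collections import defaultdict, deque


class FailureLimiter:
    def __init__(self, max_failures=10, window_s=60.0, block_s=600.0, clock=time.monotonic):
        self.max_failures, self.window_s, self.block_s, self.clock = max_failures, window_s, block_s, clock
        self._events = defaultdict(deque)  # key -> timestamps of recent failures
        self._blocked_until = {}           # key -> time at which the block expires

    def is_blocked(self, key, now=None):
        now = self.clock() if now is None else now
        until = self._blocked_until.get(key)
        if until is None:
            return False
        if now >= until:                   # cool-down over: forget the block
            del self._blocked_until[key]
            return False
        return True

    def record_failure(self, key, now=None):
        """Charge one failure to key; return True if the key is (now) blocked."""
        now = self.clock() if now is None else now
        if self.is_blocked(key, now):
            return True
        q = self._events[key]
        while q and now - q[0] > self.window_s:  # drop failures outside the window
            q.popleft()
        q.append(now)
        if len(q) > self.max_failures:
            self._blocked_until[key] = now + self.block_s
            q.clear()
            return True
        return False


def request_keys(req):
    """Every dimension a failure is charged to (assumed request fields)."""
    return [("ip", req["ip"]), ("session", req["session"]), ("fingerprint", req["fingerprint"])]


def handle(limiter, req, failed, now):
    """Outcome for one request: 'blocked', 'failed' (counted, still served) or 'ok'."""
    keys = request_keys(req)
    if any(limiter.is_blocked(k, now) for k in keys):
        return "blocked"
    if failed:
        # Charge all keys (no short-circuit) so rotating one dimension does not reset the others.
        outcomes = [limiter.record_failure(k, now) for k in keys]
        return "blocked" if any(outcomes) else "failed"
    return "ok"


def simulate(limiter, traffic):
    """Feed (time, request, failed) tuples through handle() and return the outcomes in order."""
    return [handle(limiter, req, failed, t) for t, req, failed in traffic]


# Constructed traffic: a scanner rotating its IP each request but reusing one session cookie,
# and an honest user who mistypes a password three times and then succeeds.
SCANNER_RUN = [(float(i), {"ip": f"203.0.113.{i}", "session": "s-abc", "fingerprint": "fp-1"}, True)
               for i in range(8)]
HONEST_USER = [(float(t), {"ip": "198.51.100.23", "session": "s-xyz", "fingerprint": "fp-2"}, failed)
               for t, failed in ((0, True), (5, True), (9, True), (15, False))]

if __name__ == "__main__":
    lim = FailureLimiter(max_failures=5, window_s=60.0, block_s=600.0)
    print("scanner:", simulate(lim, SCANNER_RUN))
    print("honest user:", simulate(lim, HONEST_USER))
```

With `max_failures=5` the sixth failure within the window blocks the session and fingerprint keys for `block_s` seconds even though no single IP ever exceeded the limit; the honest user's three failures stay under budget and their next request is served. Note that `record_failure` counts only failures, so a scanner that interleaves valid requests still accumulates toward the limit.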