What vulnerabilities does arctil check for
The arctil web security assessment tool comes with an array of scanning techniques to detect common web application vulnerabilities. Below is a full breakdown of each vulnerability arctil checks for.
Injection vulnerabilities
• SQL Injection
SQL injection vulnerabilities arise when unsanitized input reaches the database, allowing an attacker to execute malicious queries. The impact can range from login bypass all the way through to command execution. For more information, you can check out this help article.
• Cross Site Scripting
Cross site scripting (also known as XSS) is the process of injecting HTML and JavaScript code into a website for malicious gain. We have a great help article which goes into far more detail.
• Command Execution
OS command injection can allow an attacker to execute system-level commands and fully compromise the operating system a website or application runs on. For more information, check out the following link.
• LDAP Injection
LDAP Injection is an attack used to exploit web-based applications that construct LDAP statements based on user input.
• XPath Injection
XPath injection is a type of attack where malicious input can lead to unauthorised access or exposure of sensitive information, such as the structure and content of an XML document.
Redirect vulnerabilities
• Unvalidated Redirects
Unvalidated redirects are possible when a web application accepts untrusted input that can cause the web application to redirect the request to a URL contained in that input. You can learn more by checking out our help article.
File inclusion vulnerabilities
• Remote File Inclusion
Remote File Inclusion (RFI) is the inclusion of remote files. RFI attacks range from sensitive information disclosure to remote code execution. For more information, see our help article.
• Local File Inclusion
Local File Inclusion is the process of including files that are already locally present on the server, through the exploitation of vulnerable inclusion procedures. For more information, we have a great article all about this; here's a link.
Other vulnerabilities
• Basic Authentication Over HTTP
User credentials are being transmitted over HTTP in plain text. This can allow for credential stealing.
• Open Directory Listing
Directory listing can give attackers an insight into the website structure and allow easy browsing of stored files. Here's a link with more information.