What is web application scanning?
Web application scanning targets the company's websites. It is a deep scan that crawls the website, which makes it possible to examine the logic within the individual web application.
The scan is conducted as a black-box test, which means it is performed with no knowledge beyond the URL. A vulnerability scan of a website crawls the entire website and, in addition to commonly known vulnerabilities, reports whether the website is vulnerable to:
- SQL injection.
- Code injection.
- Command injection.
- Path traversal.
- File inclusion.
- XSS – Cross-Site Scripting.
The most common vulnerabilities BlackstoneOne finds in a web application scan are:
- Exposing sensitive data.
- Defective access controls.
- Use of vulnerable third-party components.
- Misconfiguration of web servers.
- Missing security headers.
When a URL scan is conducted in BlackstoneOne, both a web application scan of the website and an infrastructure scan are performed. Thus, you don't have to worry about running the two types of scans separately.
An internal vulnerability scan targets the company's internal infrastructure (internal servers, switches, routers, etc.).