EasyAudit WEB completely cover all the 26 WASC Threat Classification Version 1 Classes and EasyAudit NET have a good coverage of Web issues, even if it’s targeted to network security.
1 | Authentication | |||
1 | 1 | 1 | Brute Force | EasyAudit WEB EasyAudit NET |
1 | 2 | 2 | Insufficient Authentication | EasyAudit WEB EasyAudit NET |
1 | 3 | 3 | Weak Password Recovery Validation | EasyAudit WEB EasyAudit NET |
2 | Authorization | |||
2 | 1 | 4 | Credential/Session Prediction | EasyAudit WEB EasyAudit NET |
2 | 3 | 5 | Insufficient Authorization | EasyAudit WEB EasyAudit NET |
2 | 4 | 6 | Insufficient Session Expiration | EasyAudit WEB EasyAudit NET |
2 | 5 | 7 | Session Fixation | EasyAudit WEB EasyAudit NET |
3 | Client-side Attacks | |||
3 | 1 | 8 | Content Spoofing | EasyAudit WEB EasyAudit NET |
3 | 2 | 9 | Cross-site Scripting | EasyAudit WEB EasyAudit NET |
4 | Command Execution | |||
4 | 1 | 10 | Buffer Overflow | EasyAudit WEB EasyAudit NET |
4 | 2 | 11 | Format String Attack | EasyAudit WEB EasyAudit NET |
4 | 3 | 12 | LDAP Injection | EasyAudit WEB EasyAudit NET |
4 | 4 | 13 | OS Commanding | EasyAudit WEB EasyAudit NET |
4 | 5 | 14 | SQL Injection | EasyAudit WEB EasyAudit NET |
4 | 6 | 15 | SSI Injection | EasyAudit WEB EasyAudit NET |
4 | 7 | 16 | XPath Injection | EasyAudit WEB EasyAudit NET |
5 | Information Disclosure | |||
5 | 1 | 17 | Directory Indexing | EasyAudit WEB EasyAudit NET |
5 | 2 | 18 | Information Leakage | EasyAudit WEB EasyAudit NET |
5 | 3 | 19 | Path Traversal | EasyAudit WEB EasyAudit NET |
5 | 4 | 20 | Predictable Resource Location | EasyAudit WEB EasyAudit NET |
6 | Logical Attacks | |||
6 | 1 | 21 | Abuse of Functionality | EasyAudit WEB EasyAudit NET |
6 | 2 | 22 | Denial of Service | EasyAudit WEB EasyAudit NET |
6 | 3 | 23 | Insufficient Anti-automation | EasyAudit WEB EasyAudit NET |
6 | 4 | 24 | Insufficient Process Validation | EasyAudit WEB EasyAudit NET |
6 | Appendix | |||
6 | 1 | 25 | HTTP Response Splitting | EasyAudit WEB EasyAudit NET |
6 | 1 | 26 | Application Fingerprinting | EasyAudit WEB EasyAudit NET |