

Question


Web Application Vulnerability and Potential False Positives

As a penetration tester, the application vulnerability scan is a major part of any penetration testing methodology. In the application scanning stage there are several different types of vulnerabilities that may surface. The main ones being...

SQL injection/blind SQL injection, cross-site scripting/persistent cross-site scripting, command injection, XPath injection, SOAP/AJAX attacks, CSRF/HTTP response splitting, arbitrary file upload attacks, remote file include (PHP code injection), application errors, etc. (I may have left some out, please don't grill me if I neglected to mention them above.)

When using a scanner you can rest assured that you will encounter a false positive. In my experience the SQL injection vulnerability is what's going to harbor the most false positives.

False positives are a nasty byproduct of using scanners that are created to save time. I haven't found a subject that directly touches on this subject and wanted to start a brief Q & A.

So here is the point of this entire post: when faced with scan output and a potential vulnerability that may actually be a false positive, what are effective measures of determining these "false positives" (if not already designated as such), verifying them, and then correcting them?

I know there is an independent process for each vulnerability, but I'd like to focus on SQL injection and cross-site scripting initially.

Any help is appreciated...

Explanation / Answer

Leveraging other specialty tools to help you verify reported or potential vulnerabilities can help a lot.

For example, using tools like XSS Validator to actually confirm JS execution.

For SQLi, I will often fire up multiple copies of SQLmap to test the different reported SQLi vectors while I work on other tasks.

There is probably no way to avoid manual work or investigation. Looser vulnerability checks often report false positives, but if you tighten them too much then you get false negatives. I think most tools strive for a reasonable balance.
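As an added illustration of the triage the answer describes (not code from the original post or from any of the tools it names), the hypothetical helpers below sort scanner findings using only the captured HTTP response bodies: for an XSS finding, whether the scanner's probe marker came back raw, HTML-escaped, or not at all; for an error-based SQLi finding, whether the database error signature is genuinely new or was already present in the benign baseline response. The marker and response bodies are constructed sample data.

```python
import html
import re

# Constructed sample data: a scanner's probe marker and three captured response bodies.
XSS_MARKER = "<zz9>"
RESPONSES = {
    "raw": "<p>Search results for: <zz9></p>",
    "escaped": "<p>Search results for: &lt;zz9&gt;</p>",
    "absent": "<p>No results.</p>",
}

# Common database error signatures (case-insensitive); extend for the stacks you test.
SQL_ERROR_SIGNATURES = [
    r"you have an error in your sql syntax",   # MySQL
    r"unclosed quotation mark",                # MSSQL
    r"ora-\d{5}",                              # Oracle
    r"pg_query\(\)",                           # PHP/PostgreSQL
]
_SQL_ERROR_RE = re.compile("|".join(SQL_ERROR_SIGNATURES), re.IGNORECASE)


def classify_xss_reflection(marker: str, body: str) -> str:
    """'reflected_raw': marker verbatim in the body, confirm execution manually.
    'reflected_escaped': only the HTML-encoded form is present, likely a false positive.
    'not_reflected': marker absent, likely a false positive."""
    if marker in body:
        return "reflected_raw"
    if html.escape(marker, quote=True) in body or html.escape(marker, quote=False) in body:
        return "reflected_escaped"
    return "not_reflected"


def classify_sql_error(baseline_body: str, probe_body: str) -> str:
    """'db_error_new': a DB error signature appears only in the flagged response.
    'error_in_baseline': the same signature shows up without the probe, likely a
    false positive (the page errors for any input). 'no_signature': nothing
    DB-specific in the flagged response, e.g. a generic 500 page."""
    probe_hits = {m.group(0).lower() for m in _SQL_ERROR_RE.finditer(probe_body)}
    if not probe_hits:
        return "no_signature"
    base_hits = {m.group(0).lower() for m in _SQL_ERROR_RE.finditer(baseline_body)}
    return "error_in_baseline" if probe_hits <= base_hits else "db_error_new"


def triage_samples() -> dict:
    """Run the constructed samples; returns a verdict per response for inspection."""
    return {name: classify_xss_reflection(XSS_MARKER, body) for name, body in RESPONSES.items()}
```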
