August 20, 2015 by Piyush Tripathi
Three Risks Associated with Web Vulnerability Scanners
SQL INJECTION VULNERABILITY: An attacker can use a web vulnerability scanner to find SQL injection loopholes in an organization. This vulnerability affects organizations where most transactions take place through a web application with a relational database as the backend. The attacker usually tries to structure the SQL query as harmless user input in order to gain access to the system database. This can result in data loss, data integrity violations and sometimes data theft.
CROSS SITE SCRIPTING (XSS) VULNERABILITY: Various web scanners can find this vulnerability by analyzing an organization's website. This vulnerability usually affects organizations where web applications are used to display content to end users. The attacker inserts malicious executable code into a web page, which can affect other users accessing that web page.
AUTHENTICATION VULNERABILITY: This affects a large number of organizations, as user authentication is an important aspect of client-server interaction. This attack can take many forms, such as session hijacking, brute-force attacks or exposure of sensitive passwords. It can let an attacker access and control the underlying system and carry out a significant amount of damage.
Detection Controls: The administrator should keep checks in place to detect malicious web attacks. Any unauthorized SQL or executable code must be identified and discarded. Any session anomaly should be properly reported as a sign of a potential attack. Any unusual changes in the file system or in the database should also be taken into account. In addition, user behaviour and common attack characteristics can be used to identify potential attack situations. Proper log files should be maintained and periodically analyzed by the systems administrator to find any hidden attack.
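The log review described under Detection Controls, as an added Python example that is not from the original article: it scans web access-log lines for SQL and script injection patterns, repeated failed logins, and a session ID seen from more than one address. The log format, regular expressions, threshold and sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from urllib.parse import unquote_plus

# Constructed sample log (documentation IP ranges, made-up paths and session ids).
SAMPLE_LOG = """\
203.0.113.7 sess=a1 "GET /item?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200
203.0.113.7 sess=a1 "GET /search?q=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200
198.51.100.4 sess=b2 "POST /login HTTP/1.1" 401
198.51.100.4 sess=b2 "POST /login HTTP/1.1" 401
198.51.100.4 sess=b2 "POST /login HTTP/1.1" 401
192.0.2.9 sess=c3 "GET /account HTTP/1.1" 200
198.51.100.23 sess=c3 "GET /account HTTP/1.1" 200
192.0.2.9 sess=c3 "GET /index.html HTTP/1.1" 200
"""

# Assumed log format: <ip> sess=<id> "<method> <url> <proto>" <status>
LINE = re.compile(r'(?P<ip>\S+) sess=(?P<sess>\S+) "\S+ (?P<url>\S+) [^"]*" (?P<status>\d{3})')
# Assumed signatures for common attack characteristics; real rule sets are broader.
SQLI = re.compile(r"['\"]\s*(or|and)\s|union\s+select|;\s*drop\s", re.I)
XSS = re.compile(r"<\s*script|onerror\s*=|javascript:", re.I)
FAILED_LOGIN_THRESHOLD = 3  # assumed: failed logins per IP before reporting

def analyze(log_text):
    """Return a list of (finding, subject, detail) tuples for the given log text."""
    findings, failed, session_ips = [], Counter(), defaultdict(set)
    for n, line in enumerate(log_text.splitlines(), 1):
        m = LINE.match(line)
        if not m:
            continue  # unparseable lines are skipped here; a real job should count them
        ip, sess, url, status = m["ip"], m["sess"], unquote_plus(m["url"]), m["status"]
        session_ips[sess].add(ip)
        if SQLI.search(url):   # SQL disguised as user input
            findings.append(("sqli", ip, n))
        if XSS.search(url):    # executable script in a request parameter
            findings.append(("xss", ip, n))
        if url.startswith("/login") and status == "401":
            failed[ip] += 1
            if failed[ip] == FAILED_LOGIN_THRESHOLD:  # report once per IP
                findings.append(("brute_force", ip, n))
    for sess, ips in sorted(session_ips.items()):
        if len(ips) > 1:       # session anomaly: one session id, several addresses
            findings.append(("session_reuse", sess, sorted(ips)))
    return findings

if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG):
        print(finding)
```

Pattern matching of this kind produces false positives and misses encoded variants, so its output is a starting point for review alongside file-system and database change monitoring.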