Web Application Vulnerability Scanning (WAVS)
A web application vulnerability scan (WAVS) is the discovery, or spidering, of a website. A WAVS is performed in order to identify potential test points within a web application. It also includes performance tests that focus on the OWASP Top Ten list of common vulnerabilities.
Different from a WAPT, the ultimate goal of a WAVS is not to penetrate the application, but to identify application vulnerabilities (e.g. Cross-Site Scripting).
Benefits of a Web Application Vulnerability Scan
A MainNerve WAVS provides you with an automated scan of all determined web applications in order to identify known security vulnerabilities such as Cross-Site Scripting, SQL injection, and more.
- Identify specific security flaws present in your environment
- Vulnerability identification of all web applications
- Identify misconfigurations and unpatched applications
- Determine remediation recommendations based on risk
The MainNerve WAVA Process
MainNerve’s web application vulnerability scanning services utilize a blend of automated scans through the use of opensource and commercial tools.
Each WAVS we perform is followed by a verification and analysis process—performed by a highly-skilled MainNerve security engineer. As part of our approach to performing a WAVS, we will rate each vulnerability with a level of risk. Note that no tests are performed to determine false positives… the goal of a WAVS is to identify as many potential vulnerabilities as possible.
MainNerve performs each and every WAVA based off the methods detailed in the Open Web Application Security Project (OWASP) Testing Guide for Web Application Security Assessments. Our methodology includes specific scanning phases with continual reporting throughout the WAVS process.
At MainNerve, the Reporting/Delivery phase of our WAVS process is one we are incredibly proud of. We strive to effectively communicate the value of our service and findings—and provide you with the information you need to fix any identified vulnerabilities. A WAVS Final Report with MainNerve includes:
- Vulnerability Summary
- Impact Summary
- List of Vulnerabilities by Severity
- Affected URLs