Checks Comparison
| Community | Code | Dynamic | Hybrid |
Vulnerability Categories Covered | 40 Limited checks | 40+ 700+ checks | 68+ 570+ injection checks | 100+ 1.500+ checks |
Hybrid Checks | ||||
Pen-Tester Extra Checks | ||||
Authentication Vulnerabilities | ||||
Broken Authentication | ||||
Brute Force Checks (Form & HTTP) | ||||
Password Disclosure | ||||
Unencrypted Login | ||||
Weak Password Hashing | ||||
Breach Confirmation | ||||
Backdoor Detection (Web-Based) | ||||
Hidden Debug Parameters | ||||
Inappropriate Content Detection | ||||
Malicious Content Detection | ||||
Command Execution | ||||
Cross-Site Scripting (XSS) | ||||
Filter Evasion/Weak Validation | ||||
HTML5 Specific XSS | ||||
File Inclusion | ||||
Local File Inclusion | ||||
Remote File Inclusion | ||||
NoSQL Injection | ||||
MongoDB | ||||
SQL Injection | ||||
Access | ||||
DB2 | ||||
dbx | ||||
Firebird/InterBase | ||||
FrontBase | ||||
Informix | ||||
Ingres | ||||
MaxDB | ||||
mSQL | ||||
MySQL | ||||
Oracle | ||||
Ovrimos | ||||
PostgreSQL | ||||
SQL Server | ||||
SQLite | ||||
Swish | ||||
Sybase | ||||
Others | ||||
Unvalidated Redirects | ||||
Arbitrary File Manipulation | ||||
Code Injection | ||||
ASP Classic | ||||
ASP.NET | ||||
Java/JSP | ||||
Lua (Nginx, Apache, CGI-Lua, etc) | ||||
Perl | ||||
PHP | ||||
Python | ||||
Ruby | ||||
Server-Side JavaScript | ||||
Cookie Manipulation | ||||
Common Exposures | ||||
Dangerous Methods | ||||
Default Content | ||||
Internal IP Address Disclosure | ||||
Common Form Weaknesses | ||||
AutoComplete Enabled | ||||
Email Form Hijacking | ||||
Hidden Price Form Field | ||||
CRLF Injection | ||||
Cross Frame Scripting | ||||
Default Account | ||||
Denial-of-Service | ||||
Buffer Overflow | ||||
Client-Side Denial-of-Service | ||||
Directory Listing | ||||
Directory Traversal | ||||
Expression Language Injection | ||||
Extension Checking (Double & Common) | ||||
HTTP Header Injection | ||||
HTTP Response Splitting | ||||
Information Disclosure | ||||
LDAP Injection | ||||
Old/Backup Files | ||||
Common Backup Files | ||||
Common Backup Folders | ||||
Log Forging | ||||
Path Disclosure | ||||
Server-Side Includes Injection | ||||
Server-Side Request Forgery | ||||
Server-Specific Vulnerabilities | ||||
IIS, iPlanet & Others | ||||
Source Code Disclosure | ||||
ASP Classic | ||||
ASP.NET | ||||
Java/JSP | ||||
Lua | ||||
Perl | ||||
PHP | ||||
SSI | ||||
Structure Brute Force Checks | ||||
Admin Pages | ||||
Common Files | ||||
Common Vulnerable Scripts | ||||
Database Disclosure | ||||
Suspicious HTML Comments | ||||
XML Injection | ||||
XML External Entity (XXE) Injection | ||||
XPath Injection | ||||
Web Technology Disclosure | ||||
Key Areas Identification (in source code) |