How Invicti Shark enriches vulnerability reports
Invicti helps to streamline remediation efforts by providing detailed information about issues even down the line of code and instructions on how to fix each issue.
Invicti is a dynamic application security testing tool (DAST). It probes the entire running application, so it can test the entire attack surface and find all the vulnerabilities that an attacker could. Even so, it still has no access to the source code, so it cannot truly pinpoint identified weaknesses.
- When you install and use the Shark sensor, Invicti becomes an IAST solution (grey-box scanner) in addition to being a DAST scanner (black-box scanner).
- The Shark sensor works together with the main vulnerability scanning engine to extend the DAST capabilities of the Invicti vulnerability scanning engine.
- Shark sensors continuously provide additional information about vulnerabilities and the environment itself.
With Shark sensors, Invicti can pinpoint many vulnerabilities right down to the line number and provides additional details for security teams.
Enriched vulnerabilities
The following table shows how the combination (DAST+IAST) enriches the issue result:
| Name | Severity | Extra Information |
|---|---|---|
| SQL Injection | Critical | Source file Line number The function that has been called with the payload Payload |
| Boolean Based SQL Injection | Critical | Source file Line number The function that has been called with the payload Payload |
| Blind SQL Injection | Critical | Source file Line number The function that has been called with the payload Payload |
| Command Injection | Critical | Source file Line number The function that has been called with the payload Payload |
| Blind Command Injection | Critical | Source file Line number The function that has been called with the payload Payload |
| Code Evaluation (PHP) | Critical | Source file Line number The function that has been called with the payload Payload |
| Code Evaluation (ASP) | Critical | Source file Line number The function that has been called with the payload Payload |
| Local File Inclusion | High | Source file Line number The function that has been called with the payload Payload |
| HTTP Header Injection | Medium | Source file Line number The function that has been called with the payload Payload |
While Shark sensors extend the capabilities of Invicti's main vulnerability engine, it also runs its own attacks to identify other vulnerabilities.
IAST attacks in Invicti are enabled by default. If you want to scan your application with a customized scan policy, make sure you included IAST attacks into the custom scan policy. So, Invicti Shark can run its own attacks as well. If not included, Invicti Shark falls back to enriching existing engines.
Identified vulnerabilities
The following list shows the vulnerabilities Shark sensors can identify:
| Name | Severity | Extra Information |
|---|---|---|
| SQL Injection (IAST) | Critical | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| Command Injection (IAST) | Critical | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| Code Evaluation PHP (IAST) | Critical | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| Local File Inclusion (IAST) | High | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| Arbitrary File Creation Detected | High | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| Arbitrary File Deletion Detected | High | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| HTTP Header Injection (IAST) | Medium | New Vulnerability Template Source file Line number The function that has been called with the payload Payload |
| PHP enable_dl Is Enabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| PHP register_globals Is Enabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| PHP session.use_trans_sid Is Enabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| PHP allow_url_fopen Is Enabled | Low | Invicti provides a brand new template specific for this vulnerability |
| PHP allow_url_include Is Enabled | Low | Invicti provides a brand new template specific for this vulnerability |
| PHP display_errors Is Enabled | Low | Invicti provides a brand new template specific for this vulnerability |
| PHP open_basedir Is Not Configured | Low | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Tracing Is Enabled | High | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Cookieless Authentication Is Enabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Cookieless Session State Is Enabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Custom Errors Is Disabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Login Credentials Stored In Plain Text | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET ValidateRequest Is Globally Disabled | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET failure to require SSL for authentication cookies | Medium | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET ViewStateUserKey Is Not Set | Low | Invicti provides a brand new template specific for this vulnerability |
| ASP.NET Debugging Enabled | Information | Invicti provides a brand new template specific for this vulnerability |
| Hidden Files (IAST) | - | Invicti gets all hidden files within the application. From there, Invicti adds these files to the link pool so that Invicti can crawl and attack them. |
Need help?
Invicti Support team is ready to provide you with technical help. Go to Help Center