1460 Views 3 Replies Latest reply: May 29, 2013 5:00 PM by jvalverd
tony.lin Apprentice 123 posts since
Dec 17, 2009

Mar 15, 2012 8:56 AM

Help with Web Application Scanning

Hi

 

The new version of Foundstone has a Web Application Scanning option. I can't find any information about it! Are there any documents that explain how to use it?

  • Community Leader 479 posts since
    Nov 3, 2009
    1. Mar 22, 2012 6:50 PM (in response to tony.lin)
    Re: Help with Web Application Scanning

    Hi Tony,

     

    There's an entire section in the MVM 7.0 Product Guide:

    How web application scans work

     

    If you have any specific questions let us know.

     

    I hope that helps!
    Cathy

    
  • sharat Newcomer 2 posts since
    May 13, 2013
    2. May 17, 2013 5:49 AM (in response to cgrim)
    Re: Help with Web Application Scanning

    Hi

     

    Even I am trying to use McAfee FS for detecting web application vulnerabilities.

     

    I scanned a web server by providing the "application URL" and the credentials which are used to manage that site, but the scan did not detect any vulnerabilities regarding the web application.

     

    I want to know what kind of credentials can be used to get vulnerabilities regarding the web application.

     

    Please help.

  • jvalverd McAfee Employee 26 posts since
    Feb 19, 2010
    3. May 29, 2013 5:00 PM (in response to sharat)
    Re: Help with Web Application Scanning

    This is configured under credentials in the scan configuration. 

     

    From the online help:

    Web application credentials

    McAfee Vulnerability Manager 7.5 can use credentials to authenticate itself to a Windows, UNIX, or infrastructure host. This allows the FSL scripts to access web applications.

    Web application credential details

    | Setting | Description |
    |---|---|
    | Web Domain | Select this account type to use domain credentials for accessing web applications within the specified domain. Type a domain name (e.g. yourdomain.com). |
    | Web Server | Select this account type to use credentials for a specific server running a web application. |
    | Web Default | Select this account type to use credentials when either the Web Domain or Web Server credentials do not work. |
    | Web Application URL | Select this account type to use credentials for a specific web application URL. The Web Application URL field requires a URL (example: http://www.hostname.com). To ensure the credentials are applied to the correct asset, the URL in the Web Application field should match the URL entered on the Targets page of the scan configuration. |
    | HTTP Basic | Access authentication by using a username and password, where the password is sent unencrypted. |
    | HTTP Digest | Access authentication by using a username and password, where the password is encrypted. |
    | NTLM | A Microsoft authentication protocol. |
    | Form | Form based authentication that could include a number of fields and values for authentication. |
    | Certificate | Certificate authentication, which includes attaching the certificate to the scan configuration. |

     

    Form, however, has some limitations if JavaScript is used.
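As an added illustration (not part of the thread or of McAfee's documentation), this Python sketch shows what the HTTP Basic and HTTP Digest credential types listed in the table place in the `Authorization` header of a request. The sample credentials and challenge are the published examples from RFC 7617 and RFC 2617, not values from any scan; the function names are made up for this example.

```python
import base64
import hashlib


def basic_header(user, password):
    """HTTP Basic (RFC 7617): the header is just base64("user:password")."""
    return "Basic " + base64.b64encode(f"{user}:{password}".encode()).decode()


def recover_basic(header):
    """Decode a captured Basic header back into (user, password)."""
    raw = base64.b64decode(header.split(" ", 1)[1]).decode()
    user, _, password = raw.partition(":")
    return user, password


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, password, realm, nonce, method, uri, nc, cnonce):
    """HTTP Digest (RFC 2617, MD5, qop=auth): only this hash is sent."""
    ha1 = _md5(f"{user}:{realm}:{password}")   # secret-dependent part
    ha2 = _md5(f"{method}:{uri}")              # request-dependent part
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:auth:{ha2}")


def digest_header(user, password, realm, nonce, method, uri, nc, cnonce):
    """Full Authorization value the client sends in answer to a challenge."""
    resp = digest_response(user, password, realm, nonce, method, uri, nc, cnonce)
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", qop=auth, nc={nc}, cnonce="{cnonce}", response="{resp}"')


# Sample values are the published examples from RFC 7617 and RFC 2617.
RFC_DIGEST = dict(user="Mufasa", password="Circle Of Life",
                  realm="testrealm@host.com",
                  nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",
                  method="GET", uri="/dir/index.html",
                  nc="00000001", cnonce="0a4f113b")

if __name__ == "__main__":
    b = basic_header("Aladdin", "open sesame")
    print(b, "->", recover_basic(b))           # Basic decodes straight back
    d = digest_header(**RFC_DIGEST)
    print(d)
    print("password in Digest header:", RFC_DIGEST["password"] in d)
```

With either type, pointing the scan at an https:// target keeps the header itself from crossing the network in clear text.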
