How Invicti IAST enriches vulnerability reports in Invicti Platform

Invicti Platform is a dynamic application security testing tool (DAST). It probes the entire running application, so it can test the entire attack surface and find all the vulnerabilities that an attacker could. Even so, it still has no access to the source code, so it cannot truly pinpoint identified weaknesses.

This document shows how the combination of out-of-the-box Dynamic Application Security Testing and Interactive Application Security Testing (IAST) technology enriches the scan reports.

Benefits of using Invicti IAST

• When you install and use the Invicti IAST, Invicti Platform becomes an IAST solution (grey-box scanner) in addition to being a DAST scanner (black-box scanner).
• The Invicti IAST works together with the main vulnerability scanning engine to extend the DAST capabilities of the Invicti Platform vulnerability scanning engine.
• Invicti IAST continuously provides additional information about vulnerabilities and the environment itself.

With Invicti IAST, Invicti Platform can pinpoint many vulnerabilities right down to the line number and provide additional details for security teams.

How Invicti IAST enriches vulnerability reports

Invicti IAST provides detailed information about vulnerabilities, showing:

• Source file
• Line number
• The function that has been called with the payload
• Payload

While Invicti IAST extends the capabilities of the main vulnerability engine, it also runs its own attacks to identify other vulnerabilities. Invicti IAST gets all hidden files within the application. From there, Invicti Platform adds these files to the link pool so that it can crawl and attack them.

Critical-severity vulnerabilities

Invicti IAST provides detailed information about those critical vulnerabilities:

• SQL Injection
• Boolean Based SQL Injection
• Blind SQL Injection
• Command Injection
• Blind Command Injection
• Code Evaluation (PHP)
• Code Evaluation (ASP)

High-severity vulnerabilities

Invicti IAST provides detailed information and detects the following high-severity vulnerabilities:

• Local File Inclusion
• Arbitrary File Creation Detected
• Arbitrary File Deletion Detected
• ASP.NET Tracing Is Enabled

Medium-severity vulnerabilities

Invicti IAST provides detailed information and detects the following medium-severity vulnerabilities:

• HTTP Header Injection
• PHP enable_dl Is Enabled
• PHP register_globals Is Enabled
• PHP session.use_trans_sid Is Enabled
• ASP.NET Cookieless Authentication Is Enabled
• ASP.NET Cookieless Session State Is Enabled
• ASP.NET Custom Errors Is Disabled
• ASP.NET Login Credentials Stored In Plain Text
• ASP.NET ValidateRequest Is Globally Disabled
• ASP.NET: Failure To Require SSL For Authentication Cookies

Low-severity vulnerabilities

Invicti IAST provides detailed information and detects the following low-severity vulnerabilities:

• PHP allow_url_fopen Is Enabled
• PHP allow_url_include Is Enabled
• PHP display_errors Is Enabled
• PHP open_basedir Is Not Configured
• ASP.NET ViewStateUserKey Is Not Set

Additionally, Invicti IAST provides information about ASP.NET Debugging Enabled, which a bad actor might use to attack your application.

How to install Invicti IAST

If you want to use Invicti IAST with your web application, download and install the Invicti IAST sensors on the server side. You do not need to change the code of your application to use it while scanning for vulnerabilities. For detailed information about the process, refer to the Introduction to deploying Invicti IAST document.