Many applications, third party libraries and frameworks have filenames, copyright notices and other characteristics that are unique – like a fingerprint. It's therefore possible to 'fingerprint' libraries and find out exactly which ones are in use in an application, by looking at these unique characteristics.
The scanning engine can fingerprint 20 of the most popular libraries, such as jQuery, React, Angular.js and Bootstrap.js..
- From the main menu, click Policies, then New Scan Policy.
- Select the Security Checks tab.
- From the Home tab, click Scan Policy Editor.
Fingerprinting Off-the-Shelf Web Applications
Custom built applications are very popular, especially in business-specific web applications, but off-the-shelf web applications, especially open source, are gaining in popularity. Please be aware that, like any custom application, open source applications can contain web vulnerabilities (see our Web Application Vulnerabilities Index).
Why Should You Keep Your Off-the-Shelf Web Applications Up to Date?
Malicious hackers are constantly and randomly scanning websites to check if they are vulnerable to a SQL Injection in an old version of WordPress or a Cross-site Scripting (XSS) vulnerability in an old version of Joomla! or phpBB.
If you are running an old version of software with a known vulnerability, it is only a matter of time until you get hacked.
Invicti Fingerprints Off-the-Shelf Web Applications