Checks Made by JSA Vulnerability Manager
JSA Vulnerability Manager uses a combination of active checks, which involve sending packets and remote probes, and passive correlation checks. The JSA Vulnerability Manager database covers approximately 70,000 Network, OS, and Application layer vulnerabilities.
You can search the complete scanning library by CVE, date range, vendor name, product name, product version, and exposure name from the Research window on the Vulnerabilities tab.
JSA Vulnerability Manager Tests
The following examples are some of the categories that JSA Vulnerability Manager tests:
Database checks
Web server checks
Web application server checks
Common web scripts checks
Custom web application checks
DNS server checks
Mail server checks
Application server checks
Wireless access point checks
Common service checks
Obsolete software and systems
The following table describes some checks that are made by JSA Vulnerability Manager.
Type of Check | Description |
---|---|
Port scan | Scans for active hosts and the ports and services that are open on each active host; Returns MAC if the host is on the same subnet as the scanner; Returns OS information |
Web application scanning | Checks each web application and web page on a web server by using the following checks: File upload; HTTP directory browsing; CWE-22 - Improper limitation of a path name to a restricted directory (path traversal); Interesting file / seen in logs; Auto complete password in Browser; Misconfiguration in default files; Information disclosure; Unencrypted login form; Directory index-able: checks if the server directories can be browsed; HTTP PUT allowed: checks if the PUT option is enabled on server directories; Existence of obsolete files; CGI scanning: common web page checks; Injection (XSS/script/HTML); Remote file retrieval (server wide); Command execution from remote shell; SQL injection, including authentication bypass, software identification, and remote source; Reverse tuning options, except for specified options. Note: Authenticated web app scanning is not supported. For example, if authentication is required to access the site, you can't run web app tests. |
OS | User name and password disclosure; Access to file systems; Default user names and passwords; Privilege escalation; Denial of service; Remote command execution; Cross site scripting (Microsoft) |
Database | Exploits and open access to databases: Default passwords; Compromised user names and passwords; Denial of service; Admin rights |
Web server | Known vulnerabilities, exploits, and configuration issues on web servers: Denial of service; Default admin passwords; File system view ability; Cross site scripting |
Common web scripts | Commonly found web scripts such as: CGI; E-commerce related scripts; ASP; PHP |
DNS server | Weak password encryption; Denial of service; Determine account names; Send emails; Read arbitrary emails and sensitive account information; Get admin access |
Wireless access point | Default admin account passwords; Default SNMP community names; Plain text password storage; Denial of service |
Common services | Domain name system (DNS); File transfer protocol (FTP); Simple mail transfer protocol (SMTP) |
Application server | Authentication bypass; Denial of service; Information disclosure; Default user names and passwords; Weak file permissions; Cross site scripting |
OVAL | Client-side vulnerabilities on IE, Chrome, Skype, and others. |
Password testing | Default password testing |
Windows patch scanning | Collects registry key entries, Windows services, installed Windows applications, and patched Microsoft bugs. |
UNIX patch scanning | Collects details of installed RPMs |
Web Application Scanning
JSA Vulnerability Manager uses unauthenticated scanning for core web application scanning. The following list describes JSA Vulnerability Manager web vulnerability checks:
SQL Injection Vulnerabilities
SQL injection vulnerabilities occur when poorly written programs accept user-provided data in a database query without validating the input; they are found on web pages that have dynamic content. By testing for SQL injection vulnerabilities, JSA Vulnerability Manager assures that the required authorization is in place to prevent these exploits from occurring.
Cross-Site Scripting (XSS) Vulnerabilities
Cross-Site Scripting vulnerabilities can allow malicious users to inject code into web pages that are viewed by other users. HTML and client-side scripts are examples of code that might be injected into web pages. An exploited cross-site scripting vulnerability can be used by attackers to bypass access controls such as the same origin policy. JSA Vulnerability Manager tests for varieties of persistent and non-persistent cross-site scripting vulnerabilities to ensure that the web application is not susceptible to this threat.
Web Application Infrastructure
JSA Vulnerability Manager includes thousands of checks that test default configurations, CGI scripts, installed and supporting applications, underlying operating systems, and devices.
Web page errors
For in-depth web application scanning, JSA Vulnerability Manager integrates with IBM Security AppScan to provide greater web application visibility to your vulnerabilities.
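The SQL injection condition described above, including the authentication bypass case named in the checks table, shown as an added example that is not part of the product documentation or the scanner's own code. The table, account, and function names are constructed for illustration; the hardened form uses parameterized queries.

```python
import sqlite3

def make_db():
    """In-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Constructed sample row; a real system stores a salted password hash.
    db.execute("INSERT INTO users VALUES ('alice', 's3cret-sample')")
    return db

def login_vulnerable(db, name, password):
    """User input is concatenated into the SQL text, so it can rewrite the query."""
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterized(db, name, password):
    """Placeholders bind user input as data; it is never parsed as SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def attempt(login, name, password):
    """Return True/False for the login result, or 'sql-error' if the query broke."""
    db = make_db()
    try:
        return login(db, name, password)
    except sqlite3.Error:
        return "sql-error"
    finally:
        db.close()

if __name__ == "__main__":
    cases = [("alice", "s3cret-sample"),   # valid credentials
             ("alice", "' OR '1'='1"),     # classic always-true condition
             ("O'Brien", "x")]             # harmless quote in a real name
    for name, password in cases:
        print(name, password, attempt(login_vulnerable, name, password),
              attempt(login_parameterized, name, password))
```

The `sql-error` result for an ordinary name containing a quote is the kind of database error a web page can surface, and it signals that input is reaching the query text unescaped.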
Network Device Scanning
JSA Vulnerability Manager includes the SNMP plug-in that supports scanning of network devices. JSA Vulnerability Manager supports SNMP V1 and SNMP V2. SNMP V3 is not supported. JSA Vulnerability Manager uses a dictionary of known community defaults for various SNMP-enabled devices. You can customize the dictionary.
External Scanner Checks
The external scanner scans the following OWASP (Open Web Application Security Project) CWEs (Common Weakness Enumerations):
Directory Listing
Path Traversal, Windows File Parameter Alteration, UNIX File Parameter Alteration, Poison Null Byte Windows Files Retrieval, Poison Null Byte UNIX Files Retrieval
Cross-Site Scripting, DOM Based Cross-Site Scripting
SQL Injection, Blind SQL Injection, Blind SQL Injection (Time Based)
Autocomplete HTML Attribute Not Disabled for Password Field
Unencrypted Login Request, Unencrypted Password Parameter
Remote Code Execution, Parameter System Call Code Injection, File Parameter Shell Command Injection, Format String Remote Command Execution
Database Scanning
JSA Vulnerability Manager detects vulnerabilities on major databases by using unauthenticated scanning of target hosts. In addition, JSA Vulnerability Manager targets several databases by using plug-ins.
Operating System Checks
Operating system | Vulnerability scanning | Patch scanning | Configuration |
---|---|---|---|
Windows | Yes | Yes | Yes |
AIX UNIX | Yes | Yes | No |
CentOS Linux | Yes | Yes | No |
Debian Linux | Yes | Yes | No |
Fedora Linux | Yes | Yes | No |
Red Hat Linux | Yes | Yes | No |
Sun Solaris | Yes | Yes | No |
HP-UX | Yes | Yes | No |
Suse Linux | Yes | Yes | No |
Ubuntu Linux | Yes | Yes | No |
CISCO | No | No | No |
AS/400 / iSeries | No | No | No |
OVALs and Operating Systems
OVAL definitions are supported on the following operating systems:
Microsoft Windows 10
Microsoft Windows 8.1
Microsoft Windows 8
Microsoft Windows 7
Microsoft Windows Vista
Microsoft Windows Server 2016
Microsoft Windows Server 2012 R2
Microsoft Windows Server 2012
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2008
Microsoft Windows Server 2003
CentOS versions 3 - 7
IBM AIX versions 4-7
RHEL versions 3 - 7
SUSE versions 10 - 11
Ubuntu versions 6-14
Red Hat 9
Solaris versions 2.6, 7 - 10