The ultimate web application scanner for SMEs

Project Requirements

:

•

Successfully map a web application with our web crawler

•

Detect RXSS and SQL Injection (error-based, time-based and second-order

error-based) exploitable vulnerabilities in a web application

•

Supply application owners with a full and detailed report of the detected

vulnerabilities

•

Enable customized scan, based on system capabilities

The product

:

•

Proof-of-concept Beta version of an open-source on-premise Seccurate

application, which can be easily deployed using its docker image

•

Full and elaborate documentation of all software packages and

algorithmic components

Zur Ulianitzky, Oren Zakay, Guy Shaked

Advisor: Dr. Nir Andelman

Software Engineering

System’s architecture

:

Project results:

•

Crawler performance –

100

% URL discovery rate

•

Vulnerability detection – 93.3% detection rate, 2.78% false-positive

detection rate

•

System’s GUI:

Seccurate is the essential package for SMEs. It is an open-

source application that can detect the most common web

application vulnerabilities, RXSS and SQL Injection. Seccurate

guarantees high detection and low false-positive rate and a

very intuitive GUI. Designed for easy future maintenance, it

is the best tool for SMEs who want to protect themselves.