Executive Summary

 Scan Name: scanme
 Date: 11/28/2011 7:02:07 PM
 Authenticated User: (none)
 Total Links / Attackable Links: 267 / 219
 Target URL: http://scanme.ntobjectives.com

Crawl and Attack Summary:
We crawled 267 links and found 219 attack points, for which we calculated 99,114 possible attacks, of which 22,954 were actually performed.
446 vulnerabilities were detected, of which 336 have been consolidated to 110 root causes, allowing us to reduce remediation labor by 75%.

Vulnerability Summary:
There are significant security concerns with this site, including High-Risk vulnerabilities and high threat Exposure. High-Risk vulnerabilities pose a significant threat to web site security and can lead to the access, modification or loss of proprietary corporate information, customer information and more. Furthermore, federal legislation including the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and Sarbanes-Oxley, as well as new laws in California, may directly affect you. These issues create significant risk to the security of your network and should receive immediate attention.

Vulnerabilities by Risk

 Vulnerabilities: 446
 Root Causes: 110

Remediation Efficiency

Reduced remediation labor by 75%.

Remediation Cost Estimates For High and Medium Risk Issues


Remediator              Root causes   Estimated time to fix *    Estimated cost *
Application Developer   69            59.75 – 94.25 man hours    $14,937.50 – $23,562.50
Server Administrator    1             2.25 – 3.00 man hours      $562.50 – $750.00


Estimate Qualification*

Assessment Statistics

Module                              Status    Potential  Performed  Found
SQL Injection                       Enabled   13,980     11,500     106
CMD Injection                       Enabled   20,970     0          0
Authentication Form SQL Injection   Disabled  0          0          0
Blind SQL                           Enabled   18,640     4,465      90
Cross-Site Scripting                Enabled   2,417      2,417      169
Arbitrary File Upload               Enabled   0          0          0
Authentication Testing              Enabled   370        370        1
HTTP Response Splitting             Enabled   1,398      1,380      1
Trace Check                         Disabled  0          0          0
Parameter Analysis                  Enabled   27,028     922        28
Session Strength                    Enabled   0          0          0
Directory Indexing                  Enabled   3,015      216        4
Frame/iFrame Content Analysis       Enabled   0          0          0
Active Content Analysis             Enabled   0          0          0
Server Config                       Disabled  0          0          0
Resource Locator                    Enabled   0          0          0
Source Sleuth                       Enabled   9,612      0          0
Java Grinder                        Enabled   0          0          0
Web Service (SOAP) Analysis         Enabled   0          0          0
Website SSL Strength                Disabled  0          0          0
ActiveX                             Disabled  0          0          0
Reverse Proxy                       Disabled  0          0          0
Remote File Include                 Enabled   1,684      1,684      0

Compliance Summary

Standard        Status  Issues
Best Practices  Fail    12
SOX             Fail    51
HIPAA           Pass    0
PCI             Fail    86
DISASTIG        Fail    79
GLB             Fail    4
OWASP2007       Fail    128
OWASP2010       Fail    126
FISMA           Fail    121

Vulnerabilities

This scan has only partial vulnerability checking enabled, and thus, is not a complete representation of all potential site vulnerabilities. It is recommended that full vulnerability checking be enabled when at all possible.

This site was found to have numerous vulnerabilities, including those considered to be High Risk. A High Risk vulnerability creates a strong opportunity for an attacker to compromise the site's security and gain access to, modify or delete information such as credit card information, other customer data, and other sensitive or proprietary data that is being stored. Furthermore, these systems may become a launching pad for the attacker to gain access to other systems and/or networks.

Remediation of High Risk vulnerabilities requires immediate attention in order to mitigate your security concern; other vulnerabilities should be addressed immediately afterwards, based on priority risk.

+Positive Factors
+ The absence of backup files implies a strong deployment policy for moving web servers into production environments.

-Negative Factors
- The application does not use strong validation filters on user-supplied data.
- The application does not filter unexpected characters from user-supplied data that form database queries.
- The application does not filter HTML tags with the potential for misuse.
- This site does not enforce a robust authentication policy that prevents weak or common passwords.
- The application's session management mechanism may be susceptible to prediction attacks.


Exposure

This site is architected with a high number of "Attack Points" that can be targeted by an attacker. While many of these may not create a direct vulnerability today, emerging threats focus on such site resources based on their ability to interact directly with the web server, application server or database. If such resources are necessary, it is highly recommended that a thorough code analysis be performed to ensure "Best Practices" are employed to reduce possible exploitation by emerging attacks. Ongoing analysis, assessment and monitoring of such resources are critical to mitigate any emerging threats to these Exposure concerns.

+Positive Factors
+ The application consists of a single web server platform.
+ The application does not return raw HTTP error codes.

-Negative Factors
- The application sends session tokens/cookies over HTTP (plaintext) instead of HTTPS (encrypted).
- This application uses many unique URL parameters, which increases the need for strong input validation filters.
- The application passes data to external web sites (external to the scanned domain).