In Focus
• Analyse web applications for SSL issues
• Analyse web applications for security misconfiguration like missing HTTP security headers, vulnerable HTTP methods
• Analyse web applications for usage of known vulnerable components
• Analyse web applications for sensitive information disclosure vulnerabilities
• Analyse web servers and discovery of open ports for discovery of common web application
• Scheduled batch analysis of web applications to collectively scan a large number of applications simultaneously
• Dashboard with reporting feature for easy reporting of vulnerabilities discovered along with mitigation measures

User Classes and Characteristics
• Security Auditors: Security auditors can use the AVART tool to analyse websites for security issues without having to scan each website one by one and let the tool do the scanning automatically for all the websites in the domain of the security auditor.
• Project Coordinators: Project coordinators can use the tool periodically on their websites and applications to discover vulnerabilities on their own and fix them based on the solutions provided in the reports.
• Developers: Developers can use the tool to discover and subsequently fix vulnerabilities before submitting the application for audit.
• Any Other Stake Holder: The application is user friendly and easy to use and hence should be usable by any user with some knowledge about application security.

Benefits of the application
• Quick and easy analysis of web applications vulnerabilities without minimal knowledge of web application security.
• Easy reporting via dashboard.
• No licensing restrictions and hence can be used simultaneously by many users.
• Automated scan allows for simultaneous scanning of a large number of web applications thereby reducing the manual effort required for discovery and reporting of vulnerabilities.
• Solutions for mitigation enable quick resolution of security issues.

Technology used
The tool is developed as a web based application and the backend is developed in the form of an API to enable integration with other systems in the future. Following technologies were used for development of the application
• Frontend: Angular JS, Bootstrap, jQuery for the front end
• Backend: NodeJs, PHP, OpenSSL, MySQL database

Future Road Map
To develop a full fledged DAST tool for security analysis and penetration testing of web and mobile applications that can be used for easy, efficient and effective management of various parameters of application security.

[Figures: Penetration Testing Tools; Sample Penetration Testing Result. Diagram labels: Asset discovery, Vulnerability scanning, Vulnerability assessment, Vulnerability remediation]
October 2021 informatics.nic.in 35