Yonita Web Scanner

Yonita Web Scanner is aimed at detection of security vulnerabilities of web sites and online applications.

Yonita Web Scanner performs dynamic verification of web applications based on automated tests generated by Smart Test Generator and Randomized Data Generator.

The main threats detected by Smart Web Scanner are:

  • Defects in authentication, authorization, and session management
  • Injections, such as script injection, OS command injection, SQL injection, CRLF injection, and others
  • Cross-site Scripting (XSS)
  • Cross-site Request Forgery
  • Defects in forward and redirect mechanisms
  • Path traversal
  • Content spoofing
  • Buffer overflow
  • Direct object references

Yonita Web Scanner is based on automated tests generated by two cooperating components:

  • A Smart Test Generator that creates a test suite based on the discovered structure of a web application
  • A Randomized Data Generator that provides input data to the generated test scenarios to cover various execution paths and security vulnerabilities.