WAVSEP Features

sectooladdict edited this page Jun 12, 2015 · 1 revision

Project WAVSEP currently includes the following test cases:

Vulnerabilities:
  • Path Traversal/LFI: 816 test cases, implemented in 816 jsp pages (GET & POST)
  • Remote File Inclusion (XSS via RFI): 108 test cases, implemented in 108 jsp pages (GET & POST)
  • Reflected XSS: 66 test cases, implemented in 64 jsp pages (GET & POST)
  • Error Based SQL Injection: 80 test cases, implemented in 76 jsp pages (GET & POST)
  • Blind SQL Injection: 46 test cases, implemented in 44 jsp pages (GET & POST)
  • Time Based SQL Injection: 10 test cases, implemented in 10 jsp pages (GET & POST)
  • Unvalidated Redirect: 60 test cases, implemented in 60 jsp pages (GET & POST)
  • Old, Backup and Unreferenced Files: 184 test cases, implemented in 184 files (GET Only)
  • Passive Information Disclosure/Session Vulnerabilities (inspired/imported from ZAP-WAVE): 3 test cases of erroneous information leakage, and 2 cases of improper authentication / information disclosure - implemented in 5 jsp pages
  • Experimental Test Cases (inspired/imported from ZAP-WAVE): 9 additional RXSS test cases (anti-CSRF tokens, secret input vectors, tag signatures, etc.), and 2 additional SQLi test cases (INSERT) - implemented in 11 jsp pages (GET & POST)

False Positives:

  • 7 different categories of false positive Reflected XSS vulnerabilities (GET & POST)
  • 10 different categories of false positive SQL Injection vulnerabilities (GET & POST)
  • 8 different categories of false positive path traversal/LFI vulnerabilities (GET & POST)
  • 6 different categories of false positive (XSS via) remote file inclusion vulnerabilities (GET & POST)
  • 9 different categories of false positive unvalidated redirect vulnerabilities (GET & POST)
  • 3 different behavior categories of false positive old, backup and unreferenced files (GET Only)

Additional Features:

  • A simple web interface for accessing the vulnerable pages
  • An auto-installer for the MySQL database schema (/wavsep-install/install.jsp)
  • Sample detection & exploitation payloads for each and every test case
  • Database connection pool support, ensuring the consistency of scanning results

Usage

Although some of the test cases are also vulnerable to additional exposures, each test case is meant to evaluate the detection accuracy of a single type of exposure. “Out of scope” exposures should therefore be ignored when evaluating the accuracy of vulnerability scanners.