Unique Patented Proprietary Methodologies
The methods used in XSS Warrior were presented at the world’s top web application cyber security conference OWASP AppSecUSA 2015. The outcome was that the XSS Warrior methods are faster and more accurate than the current methods deployed in the major commercial scanners. XSS Warrior uses a series of unique proprietary methodologies to find difficult XSS in an automated fashion.
xssWarrior and the underlying testing methodology have successfully found XSS bugs in name-brand Bug Bounty programs such as Netflix, Yahoo!, OKCupid, Yandex, and Angellist. See: HackerOne & BugCrowd
Methods within XSS Warrior are now covered under US Patent.
Interesting Product Features
Some of our product features & methods:
1. Test for XSS privilege escalation attacks
3. Automated URL Filter Tests for Character Set Types for browser exploit translations
4. Algorithmic Parameter Manipulation to Trigger Unique XSS Cases
5. Reports scenario specific dangerous characters that bypass filter for further research
6. Extremely Accurate Stored XSS Scanning Method
Application Programming Interface (API)
Our remote SaaS API allows the XSS Warrior analytical engine to be integrated into third-party products for scanning Internet-facing hosts. Our engine reports its status in real time with a heartbeat. The vulnerability results may be received in real time or as a final result. The results report protocol is XML and is easily parsed.
Please contact us regarding ordering and API implementation requests.
Flexible Architecture Integration
Organizations can run our licensed executable either manually on a workstation or as an internal SaaS service, allowing for maximum architectural flexibility when it comes to automated continuous scanning. This is especially true for environments with high assurance levels.
Real-time results or full reports may be pushed to any internal receiving web application API, allowing integration into any platform and snapping easily into any existing reporting structure that parses XML.
xssWarrior is currently available through our service offerings during remote or onsite assessments.
Application and network penetration and vulnerability assessments are often required for compliance reasons such as SOX, PCI, HIPAA and ISO27001. We use industry standards such as OWASP as frameworks for our testing methodology. Unlike other assessment companies, our tools are the start, not the final product. Our experts can often write custom exploits based on zero-day attacks we find in your web and network infrastructure.
The xssWarrior Beta will be available to select clients starting late Q3 and early Q4.
Interested in our Beta or Full Product? Please inquire below and follow us on Twitter for announcements.
Application Penetration Testing
Application penetration testing assessments are designed to see if external hackers or internal employees can get unauthorized access to data or if your website has cyber security vulnerabilities.
Network Penetration Testing
Our assessments can cover your Internet presence or your internal network. We check for vulnerabilities on your network and try to use the discovered weaknesses to gain access to resources we should not be able to reach.
Source Code Analysis
We perform static source code analysis to find vulnerabilities, either as a stand-alone service or as part of our other assessment work. This service analyzes the application to find bugs that may not be found through penetration testing alone.
Mobile Application Testing
Our mobile application testing consists of dynamic and static application analysis. The assessment includes but is not limited to reverse engineering the mobile application, “light” source code review, network traffic assessment, back-end web services testing, and client database SQL injection testing.