Detecting Delayed Execution Vulnerabilities

AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its’ function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.

AppCheck Sentinel External Monitoring System

 

Blind XSS Video Demo

AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.

 

Traditional Scanning Techniques

 

Traditionally, vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) are identified by submitting crafted input to the application then examining the resulting application behaviour to determine if the vulnerability exists. For example, SQL Injection is commonly identified through a specific string returned in the page, variances in page content or specific page response times triggered by injecting time delay payloads.

 

Screenshot Example: Triggering a string match response

Error_SQL

Screenshot Example: Detecting Content Variance

Content_Variance_SQL

When the traditional approach fails

 

There are two common conditions that cause many vulnerability scanning tools to miss a vulnerability:

  • Successful detection/exploitation of the flaw requires further user or system interaction, such as being processed through a CRM system.
  • Some vulnerability classes provide no direct indication that the attack was successful. The payload triggers but does not affect the front end application.

To address this problem the AppCheck Sentinel system was created. By using Out-of-Band channels such as DNS, HTTP and SMTP, it is possible to detect even the most subtle vulnerabilities that would otherwise be missed through conventional scanning.

 

Detecting delayed payload execution

 

By monitoring external Out-of-Band events Sentinel is able to detect payload execution even when the payload is triggered outside of the scan duration (up to 1 year following the scan). In this video we demonstrate the detection of a Blind-XSS vulnerability whereby the payload is submitted to an internet facing web server but triggers on a back office system:

Detecting Blind Payload Execution via DNS

 

AppCheck submits payloads for several vulnerability classes that are designed to trigger a specific DNS lookup. The Sentinel system then monitors inbound DNS requests to determine that the payload executed successfully. Since DNS will propagate out of a network in almost all cases, this technique is extremely reliable & efficient when compared to the more traditional in-band approach. The animation below illustrates the detection of an XML processing vulnerability:

SentinelXXE

AppCheck Sentinel Coverage

 

At the time of writing, the following vulnerability types are detected through Out-of-Band techniques (as well as conventional scanning):

  • SQL Injection
  • Command / Code Injection
  • XXE and XML Injection
  • SMTP Buffer Truncation and Header Injection
  • Blind Cross-Site-Scripting
  • Generic External Service Interaction

 

Get started with Appcheck

No software to download or install.

Contact us or call us 0113 887 8380

Start your free trial

Further Reading

About AppCheck

AppCheck is a software security vendor based in the UK, offering a leading security scanning platform that automates the discovery of security flaws within organisations websites, applications, network and cloud infrastructure. AppCheck are authorised by the Common Vulnerabilities and Exposures (CVE) Program as a CVE Numbering Authority (CNA)

Put us to the test.
Try AppCheck for free

No software to download or install.
Contact us or call us 0113 887 8380
Start your free trial
"AppCheck’s coverage is extensive, ensuring that no area is left unaddressed, even in complex architectures with intricate authentication systems."
"Gone are the weeks of liaising with vendors and honing scan profiles to produce a once a year report. Regular automated scheduled scans means we can relax while AppCheck does the heavy lifting."
"Comprehensive, competitively priced, easy to use tool with simple onboarding and excellent support."
"Their support team offer useful guidance on getting the best out of the tool, as well as keeping us updated with the latest threats and security news."
"Comprehensive, competitively priced, easy to use tool with simple onboarding and excellent support."
"The detailed reports and actionable insights provided have proven invaluable in enhancing our overall security posture. Highly recommended for robust and effective security assessments."
"The competence of its results truly stands out when compared to other scanners I've used in the past and even manual penetration tests. It’s very user-friendly too for such a complex tool."
"When we compared AppCheck against a team of manual penetration testers, AppCheck identified all of the same vulnerabilities, plus an additional three critical vulnerabilities and did so in under half the time."
Services
Company
Resources
Keep in touch

AppCheck Ltd. is a company registered in England and Wales with company number 06888174

Start your free trial

Simply complete the form and we’ll send you all you need to activate AppCheck and undertake your FREE scan.
Your details
IP Addresses
URLs

Get in touch