AppCheck Sentinel is an external monitoring system designed to detect Out-of-Band events such as DNS Lookups and HTTP requests. Its function in Web Application scanning is to aid the detection of vulnerabilities that cannot be identified through the use of conventional scanning techniques.
Traditionally, vulnerabilities such as SQL Injection and Cross-Site Scripting (XSS) are identified by submitting crafted input to the application and then examining the resulting application behaviour to determine whether the vulnerability exists. For example, SQL Injection is commonly identified through a specific string returned in the page, variance in page content compared with a baseline response, or response-time differences triggered by injecting time-delay payloads.
Screenshot Example: Triggering a string match response
Screenshot Example: Detecting Content Variance
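The three in-band signals described above (string match, content variance, and response-time variance), each judged against baseline responses, as an added example that is not part of the original page. The `Response` shape, the error signatures, the thresholds and the sample pages are assumptions constructed for illustration; the "silent" case shows why a payload that executes without changing the in-band response is invisible to these checks.

```python
"""In-band vulnerability detection: string match, content variance and
response-time variance, each compared against baseline responses.
Added example; Response shape, signatures and thresholds are assumptions."""
import difflib
from dataclasses import dataclass
from statistics import mean


@dataclass
class Response:
    body: str
    elapsed: float  # seconds taken to receive the response


# Error strings that database engines commonly echo into a page when a query breaks
ERROR_SIGNATURES = (
    "You have an error in your SQL syntax",
    "Unclosed quotation mark after the character string",
    "ORA-01756",
)


def string_match(resp: Response):
    """Return the first known error signature found in the page, else None."""
    return next((sig for sig in ERROR_SIGNATURES if sig in resp.body), None)


def similarity(a: str, b: str) -> float:
    return difflib.SequenceMatcher(None, a, b).ratio()


def content_variance(baselines, resp: Response, margin: float = 0.05) -> bool:
    """Flag when the probe response differs from the baseline by more than the
    baseline differs from itself: dynamic content (timestamps, request ids)
    sets the noise floor, so two baseline fetches are needed, not one."""
    noise = max(
        1.0 - similarity(baselines[i].body, baselines[j].body)
        for i in range(len(baselines))
        for j in range(i + 1, len(baselines))
    )
    probe_diff = min(1.0 - similarity(b.body, resp.body) for b in baselines)
    return probe_diff > noise + margin


def time_variance(baselines, resp: Response, expected_delay: float) -> bool:
    """Flag when the response took (most of) the delay a time-based payload asked for."""
    base = mean(b.elapsed for b in baselines)
    return resp.elapsed - base >= expected_delay * 0.8


def classify(baselines, resp: Response, expected_delay: float = 5.0) -> dict:
    return {
        "error": string_match(resp),
        "variance": content_variance(baselines, resp),
        "timing": time_variance(baselines, resp, expected_delay),
    }


def demo() -> dict:
    # Constructed sample pages: the listing is stable, the request id changes per fetch
    page = "<html><h1>Products</h1><ul>{items}</ul><footer>req {rid}</footer></html>"
    items = "<li>Widget</li><li>Gadget</li><li>Gizmo</li>"
    baselines = [
        Response(page.format(items=items, rid=8812), 0.21),
        Response(page.format(items=items, rid=8813), 0.24),
    ]
    probes = {
        # database error text echoed into the page
        "sql_error": Response("<html><pre>You have an error in your SQL syntax</pre></html>", 0.30),
        # query altered so the listing comes back empty: content variance only
        "empty_listing": Response(page.format(items="", rid=8814), 0.22),
        # time-delay payload honoured by the backend: timing only
        "slow": Response(page.format(items=items, rid=8815), 5.30),
        # payload stored but nothing visible changes: every in-band check stays quiet
        "silent": Response(page.format(items=items, rid=8816), 0.22),
    }
    return {name: classify(baselines, resp) for name, resp in probes.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:14s} {verdict}")
```

The `silent` case is the motivation for Out-of-Band monitoring: the injected content executed (for example on a back-office system) but no in-band signal exists for the scanner to compare.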
There are two common conditions that cause many vulnerability scanning tools to miss a vulnerability:
To address this problem, the AppCheck Sentinel system was created. By using Out-of-Band channels such as DNS, HTTP and SMTP, it is possible to detect even the most subtle vulnerabilities that would otherwise be missed by conventional scanning.
By monitoring external Out-of-Band events, Sentinel is able to detect payload execution even when the payload is triggered outside of the scan duration (up to 1 year following the scan). In this video we demonstrate the detection of a Blind XSS vulnerability whereby the payload is submitted to an internet-facing web server but triggers on a back-office system:
AppCheck submits payloads for several vulnerability classes that are designed to trigger a specific DNS lookup. The Sentinel system then monitors inbound DNS requests to determine whether the payload executed successfully. Since DNS will propagate out of a network in almost all cases, this technique is extremely reliable and efficient when compared to the more traditional in-band approach. The animation below illustrates the detection of an XML processing vulnerability:
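The DNS-based correlation the last two paragraphs describe, as an added example that is not part of the original page or of the Sentinel product: each probe gets an unguessable token under a monitoring zone, and inbound query-log lines are matched back to the injection point, including a lookup that arrives weeks after the scan finished. The `oob.example` zone, the BIND-style log format, the `TokenRegistry` API and the sample log lines are all assumptions constructed for this example.

```python
"""Out-of-band (OOB) detection via DNS: issue a per-probe token, then correlate
inbound DNS queries (possibly long after the scan) back to the injection point.
Added example; the zone, log format, registry API and sample lines are assumptions."""
import re
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

SENTINEL_DOMAIN = "oob.example"  # assumed zone whose authoritative server the monitor controls
TOKEN_RE = re.compile(r"^[0-9a-f]{16}$")

# BIND-style query log line (constructed format for this example):
# "12-Mar-2024 10:15:02.123 client @0x7f1 203.0.113.5#53211 (name): query: name IN A + (198.51.100.2)"
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}-[A-Za-z]{3}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) "
    r"client (?:@0x[0-9a-f]+ )?(?P<client>[^#\s]+)#\d+ .*?query: (?P<qname>\S+) IN (?P<qtype>\S+)"
)


@dataclass(frozen=True)
class Probe:
    scan_id: str
    vuln_class: str   # e.g. "xxe", "blind-xss"
    location: str     # where the payload was injected, for the report
    token: str
    issued_at: datetime

    @property
    def hostname(self) -> str:
        # Unique name the payload resolves if it executes; a wildcard record makes any label resolve
        return f"{self.token}.{SENTINEL_DOMAIN}"


class TokenRegistry:
    """Maps issued tokens to probes; a lookup counts for up to `ttl` after issue."""

    def __init__(self, ttl: timedelta = timedelta(days=365)):
        self.ttl = ttl
        self._probes: dict[str, Probe] = {}

    def issue(self, scan_id: str, vuln_class: str, location: str, now: datetime) -> Probe:
        token = secrets.token_hex(8)  # 64 random bits: a guessed name must not produce a finding
        probe = Probe(scan_id, vuln_class, location, token, now)
        self._probes[token] = probe
        return probe

    def match(self, qname: str, seen_at: datetime):
        """Return (probe, delay) when qname carries a live token, else None."""
        name = qname.rstrip(".").lower()
        suffix = "." + SENTINEL_DOMAIN
        if not name.endswith(suffix):
            return None
        labels = name[: -len(suffix)].split(".")
        token = labels[-1]  # label directly left of the zone; a payload may prepend more labels
        if not TOKEN_RE.match(token):
            return None
        probe = self._probes.get(token)
        if probe is None:
            return None
        delay = seen_at - probe.issued_at
        if delay < timedelta(0) or delay > self.ttl:
            return None
        return probe, delay


def parse_query_log(lines):
    """Yield (timestamp, client, qname, qtype) for each well-formed log line."""
    for line in lines:
        m = LOG_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%d-%b-%Y %H:%M:%S.%f")
            yield ts, m["client"], m["qname"], m["qtype"]


def correlate(registry: TokenRegistry, lines) -> list:
    findings = []
    for ts, client, qname, qtype in parse_query_log(lines):
        hit = registry.match(qname, ts)
        if hit:
            probe, delay = hit
            findings.append({
                "scan_id": probe.scan_id,
                "vuln_class": probe.vuln_class,
                "location": probe.location,
                "client": client,          # resolver that asked: often the victim network's egress
                "delay_days": delay.days,  # how long after the scan the payload fired
            })
    return findings


def demo() -> list:
    scan_start = datetime(2024, 3, 12, 10, 15, 0)
    reg = TokenRegistry()
    xxe = reg.issue("scan-42", "xxe", "POST /api/import body (XML)", scan_start)
    bxss = reg.issue("scan-42", "blind-xss", "POST /contact field=message", scan_start)

    def line(ts: datetime, qname: str, client: str = "203.0.113.5") -> str:
        stamp = ts.strftime("%d-%b-%Y %H:%M:%S.%f")[:-3]
        return f"{stamp} client @0x7f1 {client}#53211 ({qname}): query: {qname} IN A + (198.51.100.2)"

    # Constructed query log: one immediate hit, noise, one delayed hit, one expired hit
    log = [
        line(scan_start + timedelta(seconds=3), xxe.hostname),                 # XML parser fetched the entity
        line(scan_start + timedelta(days=1), "www.example.com"),               # unrelated traffic
        line(scan_start + timedelta(days=2), "ffffffffffffffff.oob.example"),  # token never issued
        line(scan_start + timedelta(days=40), bxss.hostname, "198.51.100.77"), # back-office browser, weeks later
        line(scan_start + timedelta(days=400), bxss.hostname),                 # outside the 1-year window
    ]
    return correlate(reg, log)


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

Two design points matter for a defender reading the findings: the token is random rather than derived from the target, so a stray or guessed lookup cannot manufacture a finding, and the resolver address is recorded because it usually identifies which network (the public web tier or an internal back-office segment) actually executed the payload.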
At the time of writing, the following vulnerability types are detected through Out-of-Band techniques (as well as conventional scanning):