Nemesida WAF includes the Nemesida Scanner module, which is designed to detect vulnerabilities and access critical data of a protected web application.
Using the security scanner allows you to identify the vulnerabilities of the web application and notify the owner of the resource. In the context of protecting a web application, the identified vulnerabilities will be additionally protected by virtual patching rules.
Nemesida Scanner identifies the following types of vulnerabilities:
- SQLi, XSS, LFI, RCE;
- Vulnerabilities of popular CMS (WordPress, Joomla, Drupal, etc.);
- Using components with known vulnerabilities;
- Critical data in the public domain.
And also performs additional checks:
- Using the HttpOnly and Secure flags in Cookies;
The scan results are available in the Nemesida WAF Cabinet.