31 May
Open Web Application Security Project Audit

Introduction
The Open Web Application Security Project (OWASP) produces methodologies, documentation, tools, and technologies for web application security. Roughly every three years it publishes the OWASP Top 10, a ranked list of the most critical web application security risks. We cover the 2017 edition of the OWASP Top 10, the latest at the time of writing, and report the vulnerabilities that map to its categories.
ESDS VTMScan Detection Techniques
- SQL Injection: We append payloads such as 1' to GET and POST parameters and check whether the response contains a database error. We check for error-based, Boolean-based and blind SQL injection.
- XML External Entities (XXE): We submit XML payloads that declare external entities and check how the application processes them. We check for error-based XXE, out-of-band XXE and XSLT-based XXE.
- Cross-Site Scripting (XSS): We inject payloads such as '><script>alert(/XSS_Check/)</script> into GET and POST parameters and inspect the response; if the payload is reflected unescaped, we report the parameter as vulnerable.
- Insecure Deserialization: We look for deserialization vulnerabilities in multiple Java frameworks, platforms and applications, including Jenkins, the Seam Framework, RMI over HTTP, Remote, JavaServer Faces and others. We also check for such issues in Servlet containers, Apache Struts 2, JBoss Application Server, jmx-console, admin-console, web-console and JMXInvokerServlet.
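To make the SQL injection and XSS checks above concrete, here is an added example of the black-box logic a scanner applies: probe a parameter with a breaking quote and match the response against database error signatures, probe it with a tautology and a contradiction and compare the pages (Boolean-based), and probe it with a uniquely marked script payload and look for an unescaped reflection. This is illustrative code written for this article, not VTMScan's implementation; the `vulnerable_app` target, its SQLite-backed `/user` endpoint and the `/search` and `/safe_search` endpoints are constructed here so the example runs offline.

```python
"""Added example: SQLi and reflected-XSS probes against a constructed in-process target."""
import html
import re
import sqlite3
import uuid

# --- Constructed target (not a real application) ---------------------------
_db = sqlite3.connect(":memory:", check_same_thread=False)
_db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
_db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])


def vulnerable_app(path, params):
    """Mock request handler: returns (status, body). Deliberately vulnerable."""
    if path == "/user":
        # String concatenation into SQL: the injection point.
        query = "SELECT name FROM users WHERE id = " + params.get("id", "")
        try:
            rows = _db.execute(query).fetchall()
        except sqlite3.Error as exc:
            # Verbose error page: leaks the DBMS error to the client.
            return 500, "<pre>Database error: %s</pre>" % exc
        return 200, "<ul>" + "".join("<li>%s</li>" % r[0] for r in rows) + "</ul>"
    if path == "/search":
        # Reflects the parameter unescaped: reflected XSS.
        return 200, "<p>Results for %s</p>" % params.get("q", "")
    if path == "/safe_search":
        # Same page with output encoding applied.
        return 200, "<p>Results for %s</p>" % html.escape(params.get("q", ""))
    return 404, "not found"


# --- Scanner logic ---------------------------------------------------------
SQL_ERROR_SIGNATURES = [
    r"unrecognized token",                    # SQLite
    r"you have an error in your sql syntax",  # MySQL / MariaDB
    r"unclosed quotation mark",               # Microsoft SQL Server
    r"ORA-\d{5}",                             # Oracle
    r"syntax error at or near",               # PostgreSQL
]


def detect_sqli(send, path, param, baseline_value="1"):
    """Return the SQLi techniques that succeeded against `param`.

    `send(path, params)` is the request function; it must return (status, body).
    """
    findings = []

    # Error-based: a stray quote breaks the query; a verbose error page
    # then contains a recognisable DBMS error string.
    _, body = send(path, {param: baseline_value + "'"})
    if any(re.search(sig, body, re.IGNORECASE) for sig in SQL_ERROR_SIGNATURES):
        findings.append("error-based")

    # Boolean-based: a tautology must reproduce the baseline page exactly,
    # while a contradiction must change it. Both conditions together rule
    # out pages that simply echo the input or vary on every request.
    _, base = send(path, {param: baseline_value})
    _, base_again = send(path, {param: baseline_value})
    _, true_body = send(path, {param: baseline_value + " AND 1=1"})
    _, false_body = send(path, {param: baseline_value + " AND 1=2"})
    if base == base_again and true_body == base and false_body != base:
        findings.append("boolean-based")

    return findings


def detect_xss(send, path, param):
    """True if a script payload carrying a per-request marker is reflected unescaped."""
    marker = uuid.uuid4().hex[:8]  # unique marker avoids matching pre-existing page content
    payload = "'><script>alert(/%s/)</script>" % marker
    _, body = send(path, {param: payload})
    return payload in body


if __name__ == "__main__":
    print("/user?id  SQLi:", detect_sqli(vulnerable_app, "/user", "id"))
    print("/search?q SQLi:", detect_sqli(vulnerable_app, "/search", "q"))
    print("/search?q XSS:", detect_xss(vulnerable_app, "/search", "q"))
    print("/safe_search?q XSS:", detect_xss(vulnerable_app, "/safe_search", "q"))
```

Against the constructed target, `/user?id` is flagged for both error-based and Boolean-based injection, `/search?q` is clean for SQLi but reflects the script payload, and `/safe_search?q`, which HTML-encodes its output, is not flagged. The double baseline fetch is the check a practitioner wants before trusting a Boolean differential: a page with a timestamp or CSRF token differs between identical requests and would otherwise produce a false positive.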