Qualys WAS 4.9 Boosts Security with JSON Input Testing for AJAX Apps
Qualys Web Application Scanning (WAS) 4.9 adds the ability to test AJAX applications that send JSON request bodies. A scanner that only injects into URL query strings and form-encoded fields never reaches parameters carried inside a JSON body, so the update targets modern web apps that rely on AJAX calls with JSON payloads for asynchronous communication.
PortSwigger, the web security company behind Burp Suite, developed an extension that lets web application scanners test AJAX applications with JSON inputs. Qualys WAS 4.9 integrates this feature, so it can detect SQL injection, cross-site scripting (XSS) and command injection in parameters carried in JSON request bodies.
To identify SQL injection (SQLi), WAS appends a single quote (') to a string value such as the email parameter in the JSON body and checks the response for a database error. For local file inclusion (LFI), a file path is supplied in the JSON value; a vulnerable server returns the contents of a password file (such as /etc/passwd) in response to the test. WAS can also detect PHP command injection by sending a shell command within the JSON value of the query parameter and checking whether the command's output comes back in the response. In every case the payload has to be placed inside a JSON string and JSON-escaped so that the request body stays valid: a body the server-side framework cannot parse is rejected before it reaches the vulnerable code, and the test is silently lost. The SmartScan feature executes the application's AJAX scripts automatically, so the JSON requests those scripts generate are discovered and tested without manual recording.
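The following Python script is an added example of the technique the paragraph describes, written for this page; it is neither Qualys code nor the PortSwigger extension mentioned above. It parses a JSON request body, injects one probe per vulnerability class into every string value while re-serialising the tree with json.dumps so the body remains valid JSON, and matches the responses against indicators (a SQL error string, a line from the password file, the output of `id`). The probe strings, the response indicators, the field names (user.email, file, query) and the mock back end that stands in for a vulnerable PHP endpoint are all constructed assumptions for the illustration.

```python
import json
import re
from typing import Any, Callable

# Constructed example: a JSON-aware injection scanner in the spirit of the WAS
# feature described above. Probe strings, response indicators and the mock back
# end are assumptions made for this illustration, not Qualys's real payloads.

# One probe per vulnerability class. "append" follows the article's SQLi test
# (a single quote appended to the existing value); "replace" swaps in a test
# value that would make no sense appended to an existing string.
PROBES = {
    "sqli": ("'", "append"),
    "lfi": ("../../../../etc/passwd", "replace"),
    "cmdi": ("; id", "append"),
}

# Response patterns that indicate the probe reached vulnerable code.
INDICATORS = {
    "sqli": re.compile(r"SQL syntax|unterminated quoted string|SQLSTATE", re.I),
    "lfi": re.compile(r"^root:x:0:0:", re.M),
    "cmdi": re.compile(r"uid=\d+\([\w-]+\) gid=\d+"),
}


def string_leaf_paths(node: Any, prefix: tuple = ()) -> list:
    """Return the key/index path of every string value in a parsed JSON tree."""
    if isinstance(node, dict):
        return [p for k, v in node.items() for p in string_leaf_paths(v, prefix + (k,))]
    if isinstance(node, list):
        return [p for i, v in enumerate(node) for p in string_leaf_paths(v, prefix + (i,))]
    return [prefix] if isinstance(node, str) else []


def get_path(node: Any, path: tuple) -> Any:
    """Follow a key/index path down the tree and return the value there."""
    for key in path:
        node = node[key]
    return node


def with_value(node: Any, path: tuple, value: Any) -> Any:
    """Copy the tree with the leaf at `path` replaced; the original is untouched."""
    if not path:
        return value
    head, rest = path[0], path[1:]
    if isinstance(node, dict):
        return {k: with_value(v, rest, value) if k == head else v for k, v in node.items()}
    return [with_value(v, rest, value) if i == head else v for i, v in enumerate(node)]


def mutated_bodies(body: str) -> list:
    """Return (path, vuln_class, request_body) for every string leaf x probe.

    Serialising with json.dumps, rather than splicing text into the raw body,
    keeps the request valid JSON even when a probe contains quotes or
    backslashes; a body the server cannot parse never reaches the sink.
    """
    tree = json.loads(body)
    out = []
    for path in string_leaf_paths(tree):
        original = get_path(tree, path)
        for vuln, (probe, mode) in PROBES.items():
            value = original + probe if mode == "append" else probe
            out.append((path, vuln, json.dumps(with_value(tree, path, value))))
    return out


def scan(body: str, send: Callable[[str], str]) -> set:
    """Send every mutation through `send` and collect (path, vuln_class) hits."""
    findings = set()
    for path, vuln, request in mutated_bodies(body):
        if INDICATORS[vuln].search(send(request)):
            findings.add((".".join(map(str, path)), vuln))
    return findings


def mock_vulnerable_backend(request: str) -> str:
    """Constructed stand-in for a vulnerable PHP endpoint (not a real server).

    It reacts to the probes the way the article describes: a SQL error for the
    email field, password-file contents for the file field, command output for
    the query field, and a plain "ok" otherwise.
    """
    data = json.loads(request)  # a real framework would return 400 on invalid JSON
    if "'" in data.get("user", {}).get("email", ""):
        return "You have an error in your SQL syntax near ''' at line 1"
    if data.get("file", "").endswith("etc/passwd"):
        return "root:x:0:0:root:/root:/bin/bash\ndaemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
    if ";" in data.get("query", ""):
        return "uid=33(www-data) gid=33(www-data) groups=33(www-data)\n"
    return '{"status":"ok"}'


# Constructed AJAX request body, as a single-page app might POST it.
SAMPLE_BODY = json.dumps({
    "user": {"email": "alice@example.com", "name": "Alice"},
    "file": "report.pdf",
    "query": "recent",
    "tags": ["a", "b"],
})

if __name__ == "__main__":
    for hit in sorted(scan(SAMPLE_BODY, mock_vulnerable_backend)):
        print("%-12s %s" % hit)
```

Run against the mock back end, the scanner reports exactly three hits (user.email/sqli, file/lfi, query/cmdi) out of eighteen mutated requests; the nested object and the array are walked the same way as top-level fields. To point it at a real target, replace `mock_vulnerable_backend` with a function that POSTs the body with `Content-Type: application/json` and returns the response text.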
Qualys WAS 4.9's JSON input testing extends scanner coverage to request parameters that form-oriented scanning missed, so SQL injection, local file inclusion and PHP command injection in JSON requests can now be found by the same automated scan as their form-field equivalents.