SECURITY TESTING
Engineered for Continuous Security in Agile Environments
The TestWheel security testing platform makes web applications safe and secure by discovering vulnerabilities, generating continuous data, and integrating with the DevOps pipeline.

Security Testing for Modern Web Applications
TestWheel uses OWASP ZAP (Zed Attack Proxy) as its primary tool to detect, evaluate, and mitigate security vulnerabilities in web applications. Our security testing platform is meant to help organizations become more productive by integrating seamlessly with DevOps and CI/CD environments. The security testing feature provides comprehensive vulnerability detection insights and compliance verifications that help organizations remain secure.
By integrating our security testing into your agile environment, development and testing teams can easily monitor vulnerabilities at every phase of development.
Our Key Security Testing Features
TestWheel performs in-depth passive scanning of your web application's HTTP and HTTPS requests and responses without interrupting the application's performance or user experience. It searches for vulnerabilities that can be identified without changing network traffic.
Missing Security Headers: Detects missing or misconfigured non-standard HTTP security headers like Content Security Policy (CSP), X-Frame-Options, and Strict-Transport-Security, which helps to avoid common attacks.
Information Disclosure: Detects vulnerabilities that cause inadvertent release of sensitive information, such as version banners on web servers or debugging information, which helps prevent unwanted intelligence collection by intruders.
Cookie Attribute Issues: Flags insecure cookie configuration, such as a missing HttpOnly or Secure flag, which exposes the application to session hijacking and similar session vulnerabilities.
TestWheel passive scanning discovers vulnerabilities with zero chance of affecting production systems. It is the first checkpoint to ensure that application security best practices are followed.
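The three passive checks listed above can be expressed as pure inspection of a response that has already been received. The sketch below is an added example, not TestWheel or ZAP code; the function names and the sample response are constructed for illustration.

```python
import re

REQUIRED_HEADERS = ("content-security-policy", "x-frame-options", "strict-transport-security")
VERSION_BANNER = re.compile(r"/\d+(\.\d+)+")  # e.g. "nginx/1.18.0"

# Constructed sample response (not captured from a real site).
SAMPLE_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Server: nginx/1.18.0\r\n"
    "X-Frame-Options: DENY\r\n"
    "Set-Cookie: session=abc123; Path=/; HttpOnly\r\n"
    "Set-Cookie: theme=dark; Path=/; Secure; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)

def parse_headers(raw):
    """Return (lowercased name, value) pairs; repeated headers are kept."""
    head = raw.split("\r\n\r\n", 1)[0]
    pairs = []
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs

def passive_findings(raw, https=True):
    """Inspect one response without sending any traffic; return findings."""
    headers = parse_headers(raw)
    names = {n for n, _ in headers}
    findings = []
    for required in REQUIRED_HEADERS:
        # HSTS is only meaningful on responses served over HTTPS.
        if required == "strict-transport-security" and not https:
            continue
        if required not in names:
            findings.append(f"missing header: {required}")
    for name, value in headers:
        if name in ("server", "x-powered-by") and VERSION_BANNER.search(value):
            findings.append(f"version banner: {name}: {value}")
        if name == "set-cookie":
            cookie = value.split("=", 1)[0]
            attrs = {a.strip().lower().split("=")[0] for a in value.split(";")[1:]}
            for flag in ("httponly", "secure"):
                if flag not in attrs:
                    findings.append(f"cookie {cookie}: missing {flag}")
    return findings

if __name__ == "__main__":
    print("\n".join(passive_findings(SAMPLE_RESPONSE)))
```

Presence checks like these say nothing about whether a header's value is sound; a permissive Content-Security-Policy passes this sketch and still needs review.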
TestWheel's smart active scanning feature conducts a deeper scan to expose vulnerabilities by safely mimicking real-world scenarios. It sends test requests to your application, without harming the application's performance, to identify the following issues.
SQL Injection: Identifies the SQL injection techniques used by attackers for unauthorized access to steal potentially sensitive information from the database.
Cross-Site Scripting (XSS): Identifies vulnerabilities that hackers may exploit to insert harmful scripts into your application, affecting users and obtaining information.
Command Injection: Reveals weak points in the application that hackers could exploit to run arbitrary system commands on your server.
Path Traversal: Detects the possible issues that allow unauthorized access to files and folders outside the intended scope.
CRLF Injection: Identifies vulnerabilities that hackers can use to change HTTP responses and introduce malicious activities such as response splitting.
Active scanning is fully customizable, allowing you to control the intensity of tests and focus on specific areas of your application.
TestWheel spidering is a detailed and extensive method of mapping your web application that includes all the accessible endpoints and URLs. This feature guarantees that your application is not only accessed but also tested in any hidden or less accessible areas.
JavaScript-Aware Spider: Crawls modern web applications, including those built with JavaScript-heavy frameworks.
AJAX Spider Support: Supports single-page applications, where all the dynamic content is crawled and tested.
TestWheel demonstrates effective vulnerability scanning of your application attack surface by finding all entry points.
To scan protected areas of your application, TestWheel allows a broad variety of authentication methods to enable authenticated scans.
Form-Based Login: Validates login attempts for authorized/restricted areas.
API Token Authentication: Our platform allows token-based authentication of APIs.
Script-Based Login: Enhances the process of custom authentication for applications that are complex in nature.
This versatility allows TestWheel to adapt to your application's authentication requirements, providing comprehensive security coverage.
Remediation and compliance require clear and actionable reporting at the core. TestWheel security testing offers various types of reports at your convenience.
- TestWheel offers HTML, XML, JSON, and a variety of other reports that facilitate tracking workflows.
- Summaries of observed vulnerabilities, risk scores, and corrective recommendations.
TestWheel Security Testing – Use Cases
The TestWheel Security Testing feature is designed to address a variety of security needs, including:
Authenticated Security Scans
For user-configured web applications, an extensive security scan is conducted, including a complex authentication mechanism.
Scheduled or CI-Triggered Scans
Automate scans or schedule them as an integral part of your CI/CD pipeline, and provide the report summary for easy tracking.
Security Regression Testing
Conducts regression testing for identified vulnerabilities, ensuring the issues are resolved before the next release.
App-Specific Scan Policies
Design customized scan policies to concentrate on the most vulnerable areas of your application, resulting in improved efficiency.
Vulnerability Tracking
Efficiently monitor and track application vulnerabilities to help stay safe and secure.
Summary Table: TestWheel Coverage by OWASP
OWASP | TestWheel Security Testing Coverage |
---|---|
Injection (A03:2021) | Excellent |
Security Misconfiguration (A05:2021) | Robust |
Cryptographic Failures (A02:2021) | Limited (Transport Security) |
Identification & Authentication (A07) | Partial (Password/Session Weaknesses) |
SSRF (A10:2021) | Basic (Known Parameters) |