Engineered for Continuous Security in Agile Environments

The TestWheel security testing platform makes web applications safe and secure by discovering vulnerabilities, generating continuous data, and integrating with the DevOps pipeline.

  • Vulnerability Detection: Find risks before they’re exploited.
  • Data Protection: Safeguard sensitive info from breaches.
  • Compliance Assurance: Meet key industry security standards.
  • System Resilience: Improve stability and reduce risk long-term.

TestWheel Security Testing – Use Cases

The TestWheel Security Testing feature is designed to address a variety of security needs, including:

Authenticated Security Scans

Conducts an extensive security scan of user-configured web applications, including those with a complex authentication mechanism.

Scheduled or CI-Triggered Scans

Automate or schedule scans as an integral part of your CI/CD pipeline, with a report summary provided for easy tracking.

Security Regression Testing

Conducts regression testing for identified vulnerabilities, ensuring the issues are resolved before the next release.

App-Specific Scan Policies

Design customized scan policies to concentrate on the most vulnerable areas of your application, resulting in improved efficiency.

Vulnerability Tracking

Efficiently monitor and track the vulnerabilities of your applications to help them stay safe and secure.

Our Key Security Testing Features

Passive Scanning

TestWheel performs in-depth passive scanning of your web application's HTTP and HTTPS requests and responses without interrupting the application's performance or user experience. It searches for vulnerabilities that can be identified without changing network traffic.

  • Missing Security Headers: Detects missing or misconfigured non-standard HTTP security headers such as Content Security Policy (CSP), X-Frame-Options, and Strict-Transport-Security, which helps to avoid common attacks.
  • Information Disclosure: Detects vulnerabilities causing inadvertent release of sensitive information, such as version banners on web servers or debugging information, which helps prevent unwanted intelligence collection by intruders.
  • Cookie Attribute Issues: Flags insecure cookie configuration, i.e., the absence of the HttpOnly or Secure flag, which protect against session hijacking and similar session vulnerabilities.

TestWheel passive scanning is powerful at discovering vulnerabilities with zero chance of affecting production systems. It is the first checkpoint to ensure that application security best practices are adhered to.

Active Scanning

TestWheel's smart active scanning feature conducts a deeper scan that exposes vulnerabilities by safely mimicking real-world scenarios. It sends test requests to your application, without harming the application’s performance, to identify the following issues:

  • SQL Injection: Identifies the SQL injection techniques used by attackers for unauthorized access to steal potentially sensitive information from the database.
  • Cross-Site Scripting (XSS): Identifies vulnerabilities that hackers may exploit to insert harmful scripts into your application, affecting users and obtaining information.
  • Command Injection: Reveals weak points in the application that hackers could exploit to run arbitrary system commands on your server.
  • Path Traversal: Detects the possible issues that allow unauthorized access to files and folders outside the intended scope.
  • CRLF Injection: Identifies vulnerabilities that hackers can use to change HTTP responses and introduce malicious activities such as response splitting.

Active scanning is fully customizable, allowing you to control the intensity of tests and focus on specific areas of your application.

Spidering and Crawling

TestWheel spidering is a detailed and extensive method of mapping your web application that includes all the accessible endpoints and URLs. This feature guarantees that your application is not only accessed but also tested in any hidden or less accessible areas.

  • JavaScript-Aware Spider: Crawls modern web applications well, including those built with JavaScript-heavy frameworks.
  • AJAX Spider Support: Supports single-page applications where all the dynamic content is crawled and tested.

TestWheel demonstrates effective vulnerability scanning of your application's attack surface by finding all entry points.

Authentication Support

To scan protected areas of your application, TestWheel allows a broad variety of authentication methods to enable authenticated scans.

  • Form-Based Login: Validates login attempts for authorized/restricted areas.
  • API Token Authentication: Our platform allows token-based authentication of APIs.
  • Script-Based Login: Enhances the custom authentication process for applications that are complex in nature.

This versatility allows TestWheel to adapt to your application's authentication requirements, providing comprehensive security coverage.

Reporting and Analytics

Remediation and compliance require very clear and actionable reporting at the core. TestWheel security testing offers various types of reports at your convenience.

  • TestWheel offers HTML, XML, JSON, and a variety of other report formats that facilitate tracking workflows.
  • Summaries of observed vulnerabilities, risk scores, and corrective recommendations.

Summary Table: TestWheel Coverage by OWASP

| OWASP Category | TestWheel Security Testing Coverage |
|---|---|
| Injection (A03:2021) | Excellent |
| Security Misconfiguration (A05:2021) | Robust |
| Cryptographic Failures (A02:2021) | Limited (Transport Security) |
| Identification & Authentication (A07) | Partial (Password/Session Weaknesses) |
| SSRF (A10:2021) | Basic (Known Parameters) |
