Test list
All the security tests performed by VulnIT are listed below, grouped by function and object.
You can also download the full technical documentation.
| Patch Management |
Development | Access control |
Configuration | Encryption | |
| Windows (OS and 3rd-party apps) |
 |
|
|||
| Unix (OS and 3rd-party apps) |
|
|
|||
| Web | |
|
|
|
|
| Databases | |
|
|
||
| Networks | |
|
|
|
These tests are listed hereunder.
- Patch management
- Windows (OS and 3rd-party apps),
- Unix (OS and 3rd-party apps),
- Databases,
- Web servers,
- Applications,
- Web applications
- SQL injection,
- Cross-Site Scripting (XSS),
- File inclusion (LFI/RFI),
- Authentication (by dictionary),
- Cross-Site Request Forgery (CSRF),
- Session management,
- Unvalidated redirect,
- Full-Path Disclosure,
- Unwanted temporary files,
- Information leackage,
- Databases (authentication)
- SQL Server,
- Oracle,
- MySQL,
- DB2 Unix/Windows,
- PostgreSQL,
- File sharing (authentication)
- Windows shares (open to everyone),
- FTP,
- Remote access (authentication)
- SSH,
- Telnet,
- Wifi testing console (on the VulnIT USB key only)
- Testing console dedicated to Windows files sharing
- Messaging
- SMTP (open mail relay),
- Domain name server
- DNS (zone transfer),
- Simple network protocols
- SNMP (read/write communities),
- RPC (useful information gathering),
- SSL (insufficient encryption).