ParosPro Desktop Edition - Features

Built-in Proxy
The built-in proxy is a man-in-the-middle proxy which captures all traffic between clients and servers. Information such as request and response headers, parameters and HTML form data is extracted from each captured request. You can easily trace this information from the user-friendly interface.

Interceptor
The interceptor traps all HTTP/HTTPS messages passing through the proxy, so that you can modify the GET or POST data in HTTP messages on-the-fly. This provides a manual testing feature where you control the parameters to generate more effective tests that meet the requirements of your web application.

Vulnerability Scanner
The intelligent vulnerability scanner simulates hacker attacks and identifies security risks for your website. It is fine-tuned to ensure a low rate of false positives while still delivering an effective and comprehensive set of results. The vulnerability scanner also provides protection against common web attacks and critical web application security flaws from OWASP such as:
- SQL injection scanning: SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application, which leads to data loss and data leakage. Our scan engine can simulate this attack without damaging your data.
- Cross-site scripting (XSS) scanning: Cross-site scripting is a typical vulnerability found in web applications which allows code injection by malicious web users into the web pages viewed by other users. Our scan engine can identify which part of the site is vulnerable to cross-site scripting.
- CMS fingerprinting: A Content Management System (CMS) is a web application used to create, edit, and manage web sites. After fingerprinting a particular CMS, our scanner will check for vulnerabilities and misconfigurations related to the CMS.

Network Spider and Website Analysis
The network spider crawls a specified URL to collect information about the site hierarchy. The content of each crawled web page is analysed further in order to find more links within that web page. The network spider will crawl deeper into the website until the maximum link limit is reached. Moreover, a JavaScript engine can be enabled in the network spider. Once JavaScript is enabled, links triggered by JavaScript can also be crawled. The spider report includes the list of links and site hierarchy for manual inspection.

Informative Assessment Reports
Reports generated by ParosPro include detailed information about the risk findings, including risk level and site hierarchy. Moreover, solutions and references are also included for users to easily figure out the root cause and fix the security problems. After the scan is completed, a PDF version of the report is generated.

Update Manager
The update manager checks for newly available plug-ins. With up-to-date plug-ins for the latest vulnerabilities, our scanner can detect new vulnerabilities effectively.

Other tools
An HTML encoding and conversion tool is included to facilitate your manual security testing. This tool includes:
- URL encode/decode
- Base64 encode/decode
- SHA1/MD5 hash calculation