Discover NSFOCUS RSAS V6.0R04F04’s Enhanced Web Scanning Capabilities

Discover NSFOCUS RSAS V6.0R04F04’s Enhanced Web Scanning Capabilities

November 6, 2024 | NSFOCUS

The recently released RSAS version, V6.0R04F04, not only boasts a refreshed user interface but also packs a punch with enhanced web scanning capabilities.

In addition to the already impressive Web Crawler 2.0, which is capable of handling front-end and back-end separated architectures, we’ve fortified the crawler engine with new features and a brand-new policy configuration for even more precision.

Here’s what’s new:

1. DNSLog Callback Switch

For clients under strict network control, this feature addresses concerns about external connections during web scanning. It’s designed to detect vulnerabilities like fastjson deserialization remote code execution and Log4j2 remote code execution, which don’t have visible output. The scanner includes a remote blind attack platform, DNSLog, which triggers specific DNS requests based on the vulnerability principle. The existence of a vulnerability is confirmed by monitoring if a specific DNS request is made.

2. Intelligent Form Filling

Once enabled, the rendered crawler intelligently fills input fields with data that conforms to form specifications. This feature is built on top of the rendered crawler, which is the Web Crawler 2.0.

3. Crawling and Result Filtering Policies

These policies allow for more control over the scanning process. Crawling Filtering Policy prevents RSAS from crawling new links based on matched criteria (pre-crawl restriction), while Result Filtering Policy stops RSAS from scanning for vulnerabilities and displaying them in the report for links that match the criteria (post-crawl, no plugin vulnerability checks or site tree display). We support bulk filtering of links based on response status codes, file extensions, and APIs, with wildcard support.

4. localStorage and sessionStorage Configurations

To address authentication issues on websites using localStorage and sessionStorage, NSFOCUS RSAS V6.0R04F04 introduces configurations for both. Here’s how to configure them:

  • For localStorage: Log in to the website > Open browser developer tools > Switch to Console > Execute JSON.stringify(localStorage) > Right-click on the result and select “Copy string contents.”
  • For sessionStorage: Log in to the website > Open browser developer tools > Switch to Console > Execute JSON.stringify(sessionStorage) > Right-click on the result and select “Copy string contents.”

With these new features, NSFOCUS RSAS V6.0R04F04 raises the bar for web security scanning, providing a more robust and efficient solution for detecting vulnerabilities and ensuring the safety of your digital assets. Stay secure, and stay ahead with the latest in web security technology!