Skip to content
VigilGuard Logo VigilGuard
Contact Us
EASM Platform VendorGuard ITRM Platform

Language-Specific Security

Language-Specific Security

Section titled “Language-Specific Security”

5 automated security scanners

Python Security

Section titled “Python Security”

Purpose: The Python Security Scanner is designed to identify and report potential vulnerabilities and dependency issues within a specified domain and GitHub organization. It aims to ensure secure coding practices and up-to-date dependencies by detecting outdated libraries, insecure HTTP headers, TLS/SSL configuration issues, misconfigured DNS records, and open ports that may indicate security risks.

What It Detects:

  • Vulnerable Dependencies: Identifies outdated or vulnerable libraries using known CVE databases and checks for dependencies with high severity vulnerabilities.
  • Security Headers in HTTP Responses: Ensures the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Configuration Issues: Detects weak or deprecated TLS versions (e.g., TLSv1.0, TLSv1.1) and insecure cipher suites (e.g., RC4, DES, MD5).
  • DNS Record Security: Validates SPF, DMARC, and DKIM records for proper configuration and checks for common misconfigurations in TXT, MX, NS, CAA, and DMARC records.
  • Port Scanning and Service Fingerprinting: Scans for open ports that may indicate security risks and identifies services running on these ports to assess potential vulnerabilities.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • github_org (string): GitHub organization name for repository scanning (e.g., “AcmeCorp”)

Business Impact: This scanner is crucial for maintaining the security and integrity of applications by proactively identifying and addressing vulnerabilities in dependencies, insecure configurations, and outdated libraries. It helps organizations avoid potential data breaches and compliance issues related to security standards such as GDPR or HIPAA.

Risk Levels:

  • Critical: Conditions that could lead to immediate system compromise or significant data loss. Examples include high severity vulnerabilities in critical libraries and misconfigurations leading to open ports on critical services.
  • High: Conditions that pose a significant risk but may not directly compromise security, such as outdated dependencies and missing security headers.
  • Medium: Conditions that indicate potential risks but can be mitigated through configuration adjustments or updates. Examples include the use of weak cipher suites and misconfigured DNS records.
  • Low: Informative findings that do not necessarily affect security but could improve overall system performance or compliance, such as detecting deprecated TLS versions without immediate action.
  • Info: General information about the environment and dependencies that does not directly impact security but provides valuable context for auditing and reporting.

Example Findings:

  1. A critical vulnerability was found in requests library version 2.25.0, which is used to make HTTP requests. This could lead to unauthorized access if exploited.
  2. The domain does not enforce HTTPS strictly (Strict-Transport-Security header missing), making it vulnerable to protocol downgrade attacks and exposing sensitive information in transit.

Java JVM Security

Section titled “Java JVM Security”

Purpose: The Java JVM Security Scanner evaluates the security posture of a Java Virtual Machine (JVM) by probing various technical aspects including DNS configurations, HTTP security headers, TLS/SSL settings, and open ports. This helps identify potential vulnerabilities that could be exploited to compromise the JVM environment.

What It Detects:

  • Security Headers: Ensures that the site is only accessible via HTTPS with Strict-Transport-Security, prevents cross-site scripting (XSS) and data injection attacks with Content-Security-Policy, protects against clickjacking with X-Frame-Options, and prevents browsers from interpreting files as something else than declared by X-Content-Type-Options.
  • TLS Issues: Identifies older versions of TLS such as TLSv1.0 and TLSv1.1, weak cipher suites including RC4, DES, and MD5 that are considered insecure due to vulnerabilities like POODLE.
  • DNS Records: Ensures that only authorized mail servers can send emails on behalf of the domain with SPF, builds upon SPF and DKIM to provide instructions for handling email authentication failures with DMARC, and verifies the authenticity of an email with DKIM.
  • Port Scanning: Identifies open ports such as default JVM ports like 1099 or 8686 that could be exploited if not properly secured.
  • Service Fingerprinting: Determines the services running on identified open ports to assess their security configurations and potential vulnerabilities.

Inputs Required:

  • domain (string): Primary domain to analyze (e.g., acme.com)
  • github_org (string): GitHub organization name for additional security checks (e.g., “AcmeCorp”)

Business Impact: This scanner is crucial as it helps in identifying potential vulnerabilities that could be exploited, thereby safeguarding the JVM environment and preventing potential cyber threats to the system.

Risk Levels:

  • Critical: Conditions where the scanner identifies outdated or insecure TLS versions, weak cipher suites, or missing security headers that are critical for web application security.
  • High: Conditions where the scanner detects open ports that could be used in unauthorized access attempts, especially default JVM ports which might expose sensitive internal services.
  • Medium: Conditions where the scanner finds partial configurations of security features like DNS records and some HTTP headers, indicating potential misconfigurations or incomplete protections.
  • Low: Conditions where minor issues are detected such as unimplemented parts of a policy (e.g., missing DMARC but having both SPF and DKIM configured).
  • Info: Informative findings that provide basic information about the environment without direct security implications.

Example Findings:

  • A website with no Strict-Transport-Security header, which could be exploited for protocol downgrade attacks.
  • TLSv1.0 being used, indicating a lack of updated encryption standards to protect data in transit.
  • An open port 8686 that is not documented as part of the JVM’s standard configuration, potentially exposing internal services to unauthorized access.

.NET Security

Section titled “.NET Security”

Purpose: The .NET Security Scanner is designed to identify and report vulnerabilities specific to .NET applications. It performs a comprehensive analysis of DNS, HTTP, TLS/SSL configurations, open ports, and APIs to detect potential security weaknesses that could be exploited by malicious actors.

What It Detects:

  • Security Headers Analysis: The scanner checks for the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options. These headers are crucial for enhancing the security of web applications.
  • TLS/SSL Vulnerabilities: It identifies outdated or insecure TLS versions, weak cipher suites, and protocols like RC4, DES, and MD5 which can be exploited to compromise data in transit.
  • DNS Record Validation: The scanner validates TXT, MX, NS, CAA, and DMARC records for proper configuration. Misconfigurations in these DNS records can lead to security vulnerabilities such as phishing attacks or unauthorized access.
  • Port Scanning and Service Fingerprinting: By scanning for open ports and identifying running services, the scanner assesses potential risks associated with unauthorized services and outdated software versions.
  • API Security Assessment: The scanner analyzes API endpoints for common security issues including improper authentication and insecure data handling practices.

Inputs Required:

  • domain (string): The primary domain to be analyzed, e.g., acme.com. This is the main target of the security assessment.
  • github_org (string): The GitHub organization name for additional analysis, e.g., “AcmeCorp”. This input allows the scanner to gather more information from repositories within the specified organization, if needed.

Business Impact: Detecting and remediating vulnerabilities in .NET applications is crucial as it directly impacts data integrity, confidentiality, and availability. Security weaknesses can lead to unauthorized access, data breaches, and other severe consequences that may affect both business operations and customer trust.

Risk Levels:

  • Critical: The scanner identifies outdated TLS versions or weak cipher suites on critical ports like 443.
  • High: Misconfigurations in DNS records such as incorrect SPF settings can lead to high risks, especially if they allow unauthorized access.
  • Medium: Open ports that are not expected for the service being offered by a domain could indicate potential security issues or misconfigurations.
  • Low: Informational findings might include missing certain security headers which while not critical, should be addressed to enhance overall web application security posture.
  • Info: These are generally about identifying DNS records and open ports that do not have expected configurations but do not pose immediate risks.

If the README doesn’t specify exact risk levels, we infer them based on severity of issues detected.

Example Findings:

  1. A .NET application is found to be using TLSv1.0 and RC4 cipher suites for HTTPS traffic, which are both outdated and insecure, posing a critical risk as they can easily be bypassed or intercepted during data transmission.
  2. The DNS configuration of acme.com includes an incorrect SPF record (+all), allowing any sender to deliver email on behalf of the domain, which is a high-risk misconfiguration that could lead to phishing attacks and unauthorized access.

JavaScript Node.js Security

Section titled “JavaScript Node.js Security”

Purpose: The JavaScript Node.js Security Scanner evaluates the security posture of a JavaScript Node.js application by probing various aspects of its infrastructure, including DNS configurations, HTTP headers, TLS/SSL settings, and open ports. This helps identify potential vulnerabilities that could be exploited.

What It Detects:

  • Security Headers Analysis: Checks for presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Configuration Issues: Identifies outdated or insecure TLS versions (e.g., TLSv1.0, TLSv1.1) and detects weak cipher suites like RC4, DES, and MD5.
  • DNS Record Validation: Validates SPF records for proper configuration, checks DMARC policies to ensure they are set to none, quarantine, or reject, and ensures DKIM records are present.
  • Port Scanning and Service Fingerprinting: Scans common ports to identify open services and attempts to fingerprint services running on identified ports for potential vulnerabilities.
  • API Security Evaluation: Analyzes security headers of exposed APIs and checks for proper authentication mechanisms and rate limiting.

Inputs Required:

  • domain (string): The domain of the Node.js application to analyze (e.g., acme.com).
  • github_org (string): The GitHub organization name associated with the project (e.g., “AcmeCorp”).

Business Impact: This scanner is crucial for assessing and improving the security posture of JavaScript Node.js applications, helping to prevent potential vulnerabilities that could be exploited by malicious actors, thereby safeguarding sensitive data and maintaining trust in the application’s users.

Risk Levels:

  • Critical: Identifies outdated TLS versions or presence of weak cipher suites that are highly vulnerable and must be addressed immediately.
  • High: Indicates missing critical security headers or misconfigurations that could lead to significant risks if exploited, requiring urgent attention.
  • Medium: Points out potential issues that might not directly compromise security but can be improved for better protection and performance.
  • Low: Covers findings that are less severe but still recommend improvements for enhanced security practices.
  • Info: Provides informational insights that do not necessarily affect the immediate risk level but contribute to a comprehensive security assessment.

Example Findings:

  • The scanner might flag an application using TLSv1.0, which is highly vulnerable and should be upgraded immediately.
  • A misconfigured DMARC policy set to none could lead to unauthorized access and data leakage if not corrected.

Golang Security

Section titled “Golang Security”

Purpose: The Golang Security Scanner is designed to identify and report potential vulnerabilities and security issues specific to Go applications. It probes domains and GitHub organizations to detect weaknesses in security headers, outdated TLS versions, insecure DNS records, open ports, and API configurations.

What It Detects:

  • Security Headers Analysis: Checks for the presence of critical security headers such as Strict-Transport-Security, Content-Security-Policy, X-Frame-Options, and X-Content-Type-Options.
  • TLS/SSL Inspection: Identifies outdated or insecure TLS versions (e.g., TLSv1.0, TLSv1.1) and weak cipher suites (e.g., RC4, DES, MD5).
  • DNS Record Validation: Validates DNS records including SPF (TXT), DMARC (TXT), DKIM (TXT), MX (MX), NS (NS), and CAA (CAA) for proper configuration.
  • Port Scanning: Scans common ports to identify open services and potential vulnerabilities.
  • API Security Checks: Analyzes APIs for security headers, redirects, and content to ensure they follow best practices.

Inputs Required:

  • domain (string): The primary domain to analyze (e.g., acme.com).
  • github_org (string): The GitHub organization name for package security analysis (e.g., “AcmeCorp”).

Business Impact: This scanner is crucial for maintaining the security of Go applications by identifying and mitigating potential threats through improved configuration and protocol adherence, which directly impacts the integrity and confidentiality of sensitive data handled by these applications.

Risk Levels:

  • Critical: Severe vulnerabilities in security headers or critical DNS records that expose systems to immediate risk without mitigation.
  • High: Outdated TLS versions or weak cipher suites that can be easily exploited with minimal effort, potentially leading to unauthorized access.
  • Medium: Minor issues in API configurations that could be bypassed but do not pose a significant threat if properly configured.
  • Low: Informalities such as missing content in security headers which may have minor implications on security posture.
  • Info: General information about the environment and system configuration, useful for baseline assessments but generally non-critical.

Example Findings:

  1. A domain lacks Strict-Transport-Security header, making it susceptible to protocol downgrade attacks.
  2. TLSv1.0 is detected on a critical port, indicating inadequate security measures that could be bypassed with ease.