GamaSec scanner explores the entire Web application environment and registers its structure and contents. Then it mimics actual hacking methods to identify and uncover the details of any point that is vulnerable to an attack including:
SQL Injection Attack - Attempt to get the database server to execute arbitrary SQL. Cross Site Scripting Attack - Attempt to coerce the program to outputting third party Javascript. Parameter Manipulation Attack - Attempt to manipulate input to application validation and filtering. Code Injection Attack - Attempt to execute arbitrary code. Hidden Tag Issues – Attempt to retrieve sensitive information, such as price, hard coded into forms using hidden tags.
The web scanner can be used to discover a wide range of vulnerabilities and, following detection, actually recommends solutions designed to protect the vulnerable data.