Understanding Fingerprinted Software

Vulnerabilities are generally tied to specific technologies, so Application Scanning tries to identify (fingerprint) which technologies the web application uses in order to know which security tests to perform.

To see which technologies we discovered during Application Scanning, look for a “Fingerprinted Software” finding in your scanning results.

By selecting “view finding”, you get information about which technologies we discovered while exploring the web application. We look for a number of different technologies, such as:

  • hosting provider: AWS, GCE, Azure, Binero, 000webhost, Wix, …

  • domain registrar: GoDaddy, Loopia, Google DNS, Amazon R53, …

  • e-mail provider: GSuite (GMail), Outlook, mail.com, …

  • web firewall: Incapsula, F5 Big-IP, CloudFlare, Wordfence, mod_security, …

  • web server: nginx, Apache, Tomcat, IIS, Caddy, …

  • operating system: Windows, Linux, FreeBSD, …

  • content management system (CMS): WordPress, Drupal, Joomla!, SiteCore, DNN, …

  • database: MySQL, PostgreSQL, MongoDB, ElasticSearch, …

  • authentication: OAuth 2.0, SAML, Basic auth, …

  • programming language: PHP, JS, Python, Ruby, C#, …

  • API: WSDL, REST/JSON, REST/XML, GraphQL, …

  • application level protocols: Apache JServ, Oracle T3, …

  • software libraries: ImageMagick, mod_ssl, …

  • JavaScript framework: jQuery, AngularJS, ReactJS, …

  • application development framework: Express, Laravel, Flask, …

  • software runtime: .NET Framework, JRE, Node, …

  • other applications, such as RabbitMQ Web UI, Grafana, pprof, phpMyAdmin, CKEditor, Werkzeug

Besides identifying the technologies, we also try to identify the version of each technology where applicable, as many vulnerabilities are tied to specific versions.

Unfortunately, fingerprinting a technology is not always straightforward: sometimes the signs are not obvious, and in many cases technologies are purposely hidden. We therefore assign a confidence percentage to each technology we discover. If the confidence is less than 30%, we will not execute security tests for that technology.
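To illustrate how evidence-based fingerprinting with a confidence threshold works, here is a small example added to this article; it is not the scanner's own code. The HTTP response, the signatures and their weights are all constructed for the illustration, and the 30% cut-off mirrors the rule described above.

```python
import re

# Constructed sample HTTP response (not a real scan result).
SAMPLE_RESPONSE = {
    "headers": {
        "Server": "nginx/1.18.0",
        "X-Powered-By": "PHP/7.4.3",
        "Set-Cookie": "wordpress_test_cookie=WP+Cookie+check; path=/",
    },
    "body": '<link rel="stylesheet" href="/wp-content/themes/demo/style.css">'
            '<script src="/wp-includes/js/jquery/jquery.js?ver=3.5.1"></script>',
}

# Hypothetical signatures: (technology, category, source, regex, weight in %).
# An optional capture group in the regex extracts a version string.
SIGNATURES = [
    ("nginx", "web server", "header:Server", r"nginx(?:/(\d+\.\d+\.\d+))?", 90),
    ("PHP", "programming language", "header:X-Powered-By", r"PHP(?:/(\d+\.\d+\.\d+))?", 90),
    ("WordPress", "CMS", "header:Set-Cookie", r"wordpress_[a-z_]+=", 50),
    ("WordPress", "CMS", "body", r"/wp-(?:content|includes)/", 40),
    ("MySQL", "database", "body", r"/wp-(?:content|includes)/", 25),  # weak inference only
    ("jQuery", "JavaScript framework", "body", r"jquery\.js(?:\?ver=(\d+\.\d+\.\d+))?", 70),
]

MIN_CONFIDENCE = 30  # below this, no technology-specific tests are scheduled

def fingerprint(response):
    """Return {technology: {"category", "confidence", "version"}} for one response."""
    found = {}
    for tech, category, source, pattern, weight in SIGNATURES:
        if source == "body":
            haystack = response["body"]
        else:  # "header:<Name>"
            haystack = response["headers"].get(source.split(":", 1)[1], "")
        m = re.search(pattern, haystack, re.IGNORECASE)
        if not m:
            continue
        entry = found.setdefault(tech, {"category": category, "confidence": 0, "version": None})
        # Combine independent signals as 1 - (1-a)(1-b): two weak hints reinforce each other.
        prior = entry["confidence"] / 100
        entry["confidence"] = round((1 - (1 - prior) * (1 - weight / 100)) * 100)
        if m.groups() and m.group(1) and entry["version"] is None:
            entry["version"] = m.group(1)
    return found

def technologies_to_test(found, threshold=MIN_CONFIDENCE):
    """Technologies confident enough to drive technology-specific security tests."""
    return sorted(t for t, e in found.items() if e["confidence"] >= threshold)
```

On the sample response, WordPress reaches 70% from two independent hints, while MySQL stays at 25% (inferred only) and is therefore left out of the test plan.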