Nemesida WAF includes the Nemesida Scanner module, which is designed to detect vulnerabilities and access critical data of a protected web application.

Using the security scanner allows you to identify the vulnerabilities of the web application and notify the owner of the resource. In the context of protecting a web application, the identified vulnerabilities will be additionally protected by virtual patching rules.

Nemesida Scanner identifies the following types of vulnerabilities:

  • SQLi, XSS, LFI, RCE;
  • Vulnerabilities of popular CMS (WordPress, Joomla, Drupal, etc.);
  • Using components with known vulnerabilities;
  • Critical data in the public domain.

And also performs additional checks:

  • Using the HttpOnly and Secure flags in Cookies;

The scan results are available in the Nemesida WAF Cabinet.