Vulnerability Coverage

What Nullscan Tests For

Comprehensive penetration testing covering the most exploited vulnerability categories in web applications, aligned with OWASP Top 10 standards.

  • 8 attack categories
  • 50+ test vectors
  • OWASP Top 10 aligned
  • AI-powered agents

Vulnerability Categories

SQL Injection

A03:2021 — Injection

Severity: critical

SQL injection occurs when user input is inserted into database queries without proper sanitization. Attackers can read, modify, or delete data, and in some cases gain full control of the database server.

How Nullscan Tests This

  • Identify all input points: forms, URL parameters, API bodies, headers, cookies
  • Attempt union-based, boolean-blind, and time-based injection payloads
  • Test for error-based information disclosure
  • Check for second-order injection where input is stored and executed later
  • Verify ORM and parameterized query usage

Cross-Site Scripting (XSS)

A03:2021 — Injection

Severity: high

XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users. This can lead to session hijacking, credential theft, defacement, and malware distribution.

How Nullscan Tests This

  • Test reflected XSS in URL parameters, search fields, and error messages
  • Check for stored XSS in user-generated content areas
  • Attempt DOM-based XSS through client-side JavaScript manipulation
  • Test various encoding and filter bypass techniques
  • Verify Content Security Policy (CSP) configuration

Authentication Bypass

A07:2021 — Identification and Authentication Failures

Severity: critical

Authentication bypass allows attackers to access protected resources without valid credentials. This includes broken login flows, predictable session tokens, and missing authentication on sensitive endpoints.

How Nullscan Tests This

  • Attempt to access protected endpoints without authentication
  • Test for authentication state confusion and session fixation
  • Check for predictable or weak session token generation
  • Test password reset flow for account takeover vulnerabilities
  • Verify multi-step authentication can't be skipped

IDOR / Broken Access Control

A01:2021 — Broken Access Control

Severity: high

Insecure Direct Object References (IDOR) and broken access control allow users to access data or perform actions belonging to other users by manipulating IDs, paths, or parameters.

How Nullscan Tests This

  • Enumerate object IDs and attempt to access other users' resources
  • Test horizontal privilege escalation between same-role users
  • Test vertical privilege escalation to admin-level actions
  • Check for missing function-level access control on API endpoints
  • Verify authorization is enforced server-side, not just client-side
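What "enforced server-side" looks like in code, as an added example that is not part of the Nullscan page: an object-level ownership check (the horizontal case) and a function-level role check (the vertical case) on a constructed invoice store. The `current_user` argument is assumed to come from the verified session, never from a request parameter:

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"


@dataclass(frozen=True)
class Invoice:
    id: int
    owner_id: int
    total: float


# Constructed sample data: invoice 101 belongs to user 1, invoice 102 to user 2.
INVOICES = {101: Invoice(101, 1, 40.0), 102: Invoice(102, 2, 99.5)}


class Forbidden(Exception):
    pass


def get_invoice(current_user, invoice_id):
    """Object-level check (horizontal): the record must belong to the caller, unless the caller is an admin."""
    inv = INVOICES.get(invoice_id)
    # One error for both "does not exist" and "not yours", so the response
    # does not confirm which IDs are valid during enumeration.
    if inv is None or (inv.owner_id != current_user.id and current_user.role != "admin"):
        raise Forbidden(f"invoice {invoice_id} not accessible")
    return inv


def void_invoice(current_user, invoice_id):
    """Function-level check (vertical): the admin-only action is gated here, not by hiding a button."""
    if current_user.role != "admin":
        raise Forbidden("admin role required")
    inv = get_invoice(current_user, invoice_id)
    return Invoice(inv.id, inv.owner_id, 0.0)


def is_accessible(current_user, invoice_id):
    """True if get_invoice would succeed for this caller."""
    try:
        get_invoice(current_user, invoice_id)
        return True
    except Forbidden:
        return False


def can_void(current_user, invoice_id):
    """True if void_invoice would succeed for this caller."""
    try:
        void_invoice(current_user, invoice_id)
        return True
    except Forbidden:
        return False
```

A scanner's horizontal test is exactly `is_accessible(bob, 101)`: a second user of the same role requesting the first user's record, which must fail without revealing whether the record exists.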

Server-Side Request Forgery (SSRF)

A10:2021 — Server-Side Request Forgery

Severity: high

SSRF allows attackers to make the server send requests to unintended destinations — accessing internal services, cloud metadata endpoints, or other systems behind the firewall.

How Nullscan Tests This

  • Identify parameters that accept URLs or hostnames
  • Attempt to reach internal network addresses and cloud metadata endpoints
  • Test URL parsing inconsistencies and redirect chains
  • Check for SSRF through file upload, webhooks, and import features
  • Verify allowlist/blocklist implementations for outbound requests
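An outbound-request validator of the kind the last bullet refers to, as an added example that is not Nullscan's code. It assumes a hypothetical hostname allowlist and a pluggable resolver so it can be exercised without network access; the address check covers loopback, private, link-local (which includes the cloud metadata address) and other non-public ranges:

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: the only external hosts this service is permitted to call.
ALLOWED_HOSTS = {"api.partner.example", "hooks.example.net"}


def is_public_address(ip_str):
    """True only for addresses that are routable on the public Internet."""
    ip = ipaddress.ip_address(ip_str)
    return not (ip.is_private or ip.is_loopback or ip.is_link_local
                or ip.is_multicast or ip.is_reserved or ip.is_unspecified)


def validate_outbound_url(url, resolver=socket.gethostbyname):
    """Return (True, resolved_ip) or (False, reason) for a URL the application wants to fetch."""
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if parts.username or parts.password:
        # user@host forms are a common way to make a naive check read the wrong host.
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if host not in ALLOWED_HOSTS:
        return False, "host not on allowlist"
    # Check the resolved address as well: an allowlisted name may point at an
    # internal address (DNS rebinding). Connect to this IP, not to the name again.
    try:
        ip = resolver(host)
    except OSError:
        return False, "resolution failed"
    if not is_public_address(ip):
        return False, f"resolves to non-public address {ip}"
    return True, ip


if __name__ == "__main__":
    # Constructed resolver table so the demo runs offline.
    table = {"api.partner.example": "8.8.8.8", "hooks.example.net": "169.254.169.254"}
    for u in ("https://api.partner.example/v1/ping", "https://hooks.example.net/cb",
              "http://127.0.0.1:8080/admin", "file:///etc/passwd"):
        print(u, "->", validate_outbound_url(u, resolver=lambda h: table[h]))
```

Redirects need the same treatment: disable automatic redirect following in the HTTP client and re-run the validator on each `Location` before continuing the chain.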

Path Traversal

A01:2021 — Broken Access Control

Severity: high

Path traversal allows attackers to access files and directories outside the intended scope — reading configuration files, source code, credentials, or other sensitive data on the server.

How Nullscan Tests This

  • Test file parameters with directory traversal sequences (../, %2e%2e/, etc.)
  • Attempt to read known sensitive files (/etc/passwd, .env, config files)
  • Check for path traversal in file upload and download features
  • Test various encoding and null byte bypass techniques
  • Verify file access is restricted to intended directories
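The server-side counterpart to these tests, as an added example that is not part of the Nullscan page: a resolver that decodes the request path, rejects null bytes, canonicalizes the result and confirms it still lies under the intended base directory. It assumes a POSIX filesystem and a base directory that may not exist yet (`os.path.realpath` still normalizes it):

```python
import os
import urllib.parse


def resolve_under_base(base_dir, user_path):
    """Return the canonical path of user_path inside base_dir, or None if it escapes."""
    # Decode percent-encoding first, so %2e%2e/ is seen as ../ by the checks below.
    decoded = urllib.parse.unquote(user_path)
    # A null byte is never a legitimate filename character and can truncate the
    # path in lower-level APIs, turning "safe.txt\x00.jpg" into "safe.txt".
    if "\x00" in decoded:
        return None
    base = os.path.realpath(base_dir)
    # Join, then canonicalize: realpath collapses ../ segments and follows symlinks,
    # and an absolute user path replaces base entirely, which the next check catches.
    candidate = os.path.realpath(os.path.join(base, decoded))
    # commonpath (rather than startswith) means /srv/app/files2 is not mistaken
    # for something inside /srv/app/files.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


if __name__ == "__main__":
    base = "/srv/app/files"  # assumed document root
    for p in ("reports/q1.txt", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd",
              "/etc/passwd", "safe.txt%00.jpg", "../files2/x"):
        print(repr(p), "->", resolve_under_base(base, p))
```

Because the check runs on the canonical path, it also covers the upload and download features mentioned above as long as every file operation goes through the same resolver.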

Rate Limiting

A07:2021 — Identification and Authentication Failures

Severity: medium

Missing rate limiting on sensitive endpoints allows attackers to brute force passwords, enumerate users, abuse password reset flows, or overwhelm API endpoints.

How Nullscan Tests This

  • Test login endpoints for brute force protection
  • Check password reset for rate limiting and token expiration
  • Test API endpoints for request throttling
  • Verify account lockout mechanisms after failed attempts
  • Check for rate limit bypass through header manipulation
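A limiter that addresses the last bullet, as an added example (not Nullscan's code): a sliding-window counter keyed on a client identity that only honours `X-Forwarded-For` when the connection comes from an assumed trusted reverse proxy, plus a login gate that limits both the client and the target account. The clock is injectable so the window can be tested without sleeping:

```python
import time
from collections import defaultdict, deque


class SlidingWindowLimiter:
    """Allow at most `limit` events per key within any `window_seconds` span."""

    def __init__(self, limit, window_seconds, clock=time.monotonic):
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._hits = defaultdict(deque)

    def allow(self, key):
        now = self.clock()
        q = self._hits[key]
        while q and now - q[0] >= self.window:  # drop timestamps outside the window
            q.popleft()
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True


# Assumption: the single reverse proxy that sits in front of the application.
TRUSTED_PROXIES = {"10.0.0.2"}


def client_key(peer_ip, headers):
    """Identity to rate-limit on. X-Forwarded-For is attacker-controlled unless a
    trusted proxy set it, and even then only the entry that proxy appended (the
    last one) is reliable; earlier entries were supplied by the client."""
    xff = headers.get("X-Forwarded-For")
    if peer_ip in TRUSTED_PROXIES and xff:
        return xff.split(",")[-1].strip()
    return peer_ip


def login_allowed(ip_limiter, account_limiter, peer_ip, headers, username):
    """Limit per client and per account: one IP trying many accounts and many IPs
    trying one account are both stopped."""
    ok_ip = ip_limiter.allow(client_key(peer_ip, headers))
    ok_account = account_limiter.allow(username.lower())
    return ok_ip and ok_account


if __name__ == "__main__":
    ip_lim = SlidingWindowLimiter(limit=3, window_seconds=60)
    acct_lim = SlidingWindowLimiter(limit=5, window_seconds=60)
    for n in range(5):  # constructed: one peer rotating spoofed headers on each attempt
        hdrs = {"X-Forwarded-For": f"198.51.100.{n}"}
        print("attempt", n + 1, "allowed:", login_allowed(ip_lim, acct_lim, "203.0.113.7", hdrs, "alice"))
```

Real frameworks expose headers through a case-insensitive map; the plain dict here is only for the demo. Account-level lockout follows the same shape with a longer window and a larger per-account budget than per-IP, so a legitimate user with a mistyped password is not locked out by a distant attacker.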

Security Headers

A05:2021 — Security Misconfiguration

Severity: medium

Missing or misconfigured security headers leave your application vulnerable to clickjacking, MIME sniffing, cross-site attacks, and protocol downgrade attacks.

How Nullscan Tests This

  • Check for Content-Security-Policy (CSP) header and policy strength
  • Verify Strict-Transport-Security (HSTS) is present with appropriate max-age
  • Test X-Frame-Options to prevent clickjacking
  • Check X-Content-Type-Options to prevent MIME sniffing
  • Verify CORS configuration isn't overly permissive
  • Check for Referrer-Policy and Permissions-Policy headers
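The checks in this list can be expressed as a small function over one response's headers. The following is an added example, not Nullscan's checker; the two header sets are constructed, and the 180-day HSTS minimum is an assumption chosen for the demo:

```python
import re

MIN_HSTS_AGE = 15552000  # assumed minimum: 180 days


def _csp_directive(csp, name):
    """Return the source list of one CSP directive, or None if the directive is absent."""
    for part in csp.split(";"):
        tokens = part.split()
        if tokens and tokens[0].lower() == name:
            return tokens[1:]
    return None


def check_security_headers(headers, min_hsts_age=MIN_HSTS_AGE):
    """Return a list of findings for one HTTP response (header names matched case-insensitively)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []

    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("missing Content-Security-Policy")
    else:
        script = _csp_directive(csp, "script-src")
        if script is None:  # script-src falls back to default-src
            script = _csp_directive(csp, "default-src")
        if script is None:
            findings.append("CSP sets neither script-src nor default-src")
        elif "'unsafe-inline'" in script or "*" in script:
            findings.append("CSP script sources allow 'unsafe-inline' or a wildcard")

    hsts = h.get("strict-transport-security")
    m = re.search(r"max-age=(\d+)", hsts or "")
    if hsts is None:
        findings.append("missing Strict-Transport-Security")
    elif not m or int(m.group(1)) < min_hsts_age:
        findings.append("HSTS max-age below %d seconds" % min_hsts_age)

    # Either header stops framing; CSP frame-ancestors is the modern one.
    framed = h.get("x-frame-options", "").upper() in ("DENY", "SAMEORIGIN")
    if not framed and _csp_directive(csp or "", "frame-ancestors") is None:
        findings.append("no clickjacking protection (X-Frame-Options or CSP frame-ancestors)")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")

    if (h.get("access-control-allow-origin") == "*"
            and h.get("access-control-allow-credentials", "").lower() == "true"):
        findings.append("CORS allows any origin together with credentials")

    for name in ("Referrer-Policy", "Permissions-Policy"):
        if name.lower() not in h:
            findings.append("missing " + name)
    return findings


# Constructed sample responses: a weak configuration and a hardened one.
WEAK = {
    "Content-Security-Policy": "default-src *; script-src * 'unsafe-inline'",
    "Strict-Transport-Security": "max-age=300",
    "Access-Control-Allow-Origin": "*",
    "Access-Control-Allow-Credentials": "true",
}
HARDENED = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; frame-ancestors 'none'",
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    "Referrer-Policy": "strict-origin-when-cross-origin",
    "Permissions-Policy": "camera=(), microphone=(), geolocation=()",
}

if __name__ == "__main__":
    for label, hdrs in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, "->", check_security_headers(hdrs) or "no findings")
```

A static check like this only sees one response; CORS reflection (echoing an arbitrary `Origin` back with credentials allowed) needs a second request with a foreign origin, which is where an active test adds value over a header inspection.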

Penetration Testing, Not Just Scanning

Most "vulnerability scanners" check for known signatures and missing headers. Nullscan is different.

Typical Vulnerability Scanners

  • Check for known CVEs and signatures
  • Verify security headers are present
  • Match against predefined rule sets
  • Surface-level automated checks
  • Same tests on every website

Nullscan

  • AI agents actively probe and exploit vulnerabilities
  • Tests are adapted to your specific application
  • Attempts real attack chains, not just signature matching
  • Discovers application-specific logic flaws
  • Simulates how a real attacker would approach your app

Frequently Asked Questions

Does Nullscan cover the OWASP Top 10?

Yes. Nullscan tests for the most critical OWASP Top 10 categories including injection attacks (A03), broken access control (A01), authentication failures (A07), SSRF (A10), and security misconfiguration (A05).

How does Nullscan test for SQL injection?

AI agents identify input points across your application — forms, URL parameters, API endpoints, headers — and attempt various SQL injection techniques including union-based, blind, and time-based payloads to determine if your database queries are vulnerable.

What's the difference between a vulnerability scanner and a penetration test?

A vulnerability scanner checks for known issues using predefined rules. A penetration test actively tries to exploit your application with real attacks. Nullscan performs actual penetration testing using AI agents — it thinks and acts like an attacker, not just a checklist.

Will the scan break my website?

No. All tests are non-destructive. Nullscan does not perform denial-of-service attacks, delete data, or make permanent changes to your application. It identifies vulnerabilities without exploiting them in harmful ways.

How often should I scan my application?

At minimum, scan after every significant feature release or code change. New features — especially those built with AI tools — can introduce new vulnerabilities. Regular scanning catches issues before they become incidents.

Test Your Application Now

Find out if your application is vulnerable. Free scan covers all 8 attack categories — results in minutes.
