KairoFind's Basic Scan Details
KairoFind provides two kinds of OWASP security scans to meet the needs of our users. The Basic Scan, which is free, uses the OWASP ZAP (Zaproxy) scanner, a leading open-source project used by many large players in the security industry. Basic Scans are Passive Scans that test websites and web apps for OWASP Top 10 risks and more.
The Passive Scan loads the pages of a website and checks for vulnerabilities such as cross-domain misconfigurations, insecure cookies, and vulnerable JavaScript dependencies (see table below for full list). This scan completes within several minutes.
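As an added illustration (not KairoFind's or ZAP's own code), the sketch below shows what a passive check amounts to: it only inspects a response that the page load already produced, here flagging insecure cookies and a wildcard cross-domain policy. The sample headers and all function names are constructed for this example.

```python
"""Passive checks over one captured HTTP response (constructed sample)."""

# Constructed response headers; a list of pairs because Set-Cookie can repeat.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Access-Control-Allow-Origin", "*"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]

COOKIE_FLAGS = ("secure", "httponly", "samesite")


def cookie_findings(set_cookie):
    """Report which protective attributes a Set-Cookie value lacks."""
    parts = [p.strip() for p in set_cookie.split(";")]
    name = parts[0].split("=", 1)[0]
    # Attribute names are case-insensitive; attribute values are not inspected here.
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
    return [f"cookie {name}: missing {flag}" for flag in COOKIE_FLAGS if flag not in attrs]


def cors_findings(headers):
    """Flag a wildcard Access-Control-Allow-Origin (any origin may read non-credentialed responses)."""
    return [
        "cors: Access-Control-Allow-Origin is *"
        for key, value in headers
        if key.lower() == "access-control-allow-origin" and value.strip() == "*"
    ]


def passive_scan(headers):
    """Inspect headers only: nothing is sent to the target beyond the page load."""
    findings = cors_findings(headers)
    for key, value in headers:
        if key.lower() == "set-cookie":
            findings.extend(cookie_findings(value))
    return findings


if __name__ == "__main__":
    for finding in passive_scan(SAMPLE_HEADERS):
        print(finding)
```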
The Advance Scan is a platform where our users provide information about their web applications, code, or infrastructure and submit their requests. KairoFind receives these requests and, based on the need, uses a combination of open-source and commercial tools to test the websites, code, or infrastructure, and provides the report within 48 hours.
The Advance Scan submits forms and makes requests to the web application to test for vulnerabilities such as SQL injection, remote command execution, and cross-site scripting (see table below for full list). The Advance Scan is not destructive, but it may send thousands of requests to a web application while thoroughly testing for all vulnerabilities. This scan may take up to several hours, depending on the scanned target.