Summary
1. General Overview
1.1. About N-Stalker
1.2. Why N-Stalker
1.2.1. Component-oriented Web Application Security Analysis
1.3.1. Web Application Secure Development Life-cycle
1.3.2. Special Features
1.3.3. List of Security Checks
1.3.4. Licensing Model
1.3.5. Web Security Intelligence Service
1.3.6. Differences between N-Stalker Editions
1.3.7. Support Contacts
2. Installing N-Stalker Web Application Security Scanner
2.1. Minimum requirements
2.2. Recommended requirements
2.3. Installation Overview
2.3.1. Download latest software version
2.3.2. Installing latest software version
2.3.3. Attaching software license
2.3.4. Detaching Software License
2.3.5. Downloading latest components
2.4. Components Description
2.4.1. N-Stalker Policy Editor (Console)
2.4.2. N-Stalker Web Application Security Scanner Engine
2.4.3. N-Stalker Report Manager
2.4.4. N-Stalker Update Manager
2.4.5. N-Stalker DB Importer
2.4.6. N-Stalker Signature Editor
2.5. General Configuration
2.5.1. Overview of Global Options
2.5.2. Scan Options Settings
2.5.3. HTTP Options Settings
2.5.4. Path Options Settings
2.5.5. False Positives Protection Settings
2.5.6. Managing multiple configuration profiles
2.6. Uninstalling N-Stalker Scanner
3. Overview of N-Stalker Scan Profiles
3.1. Development & QA Scan Profile
3.2. Infrastructure & Deploy Scan Profile
3.3. Audit & Pen-test Scan Profile
4. Getting Started
4.1. Default Policies
4.1.1. Development & QA
4.1.2. Infrastructure & Deploy
4.1.3. Audit & Pen-test
4.2. Starting Wizard-based scan
4.2.1. Choose Policy Profile
4.2.2. Choose Target
4.2.3. Choose Scan Policy
4.2.4. Customizing Scan Options
4.2.5. Initiating Scan Session
4.3. Running Scan Engine
4.3.1. Initiating Scan Session
4.3.2. Understanding Scan Engine Interface
4.3.2.1. Scan Information
4.3.2.2. Scan Statistics
4.3.2.3. Scan Policy
4.3.2.4. Scan Components
4.3.2.5. Log Information
4.3.3. Inspecting Website Tree
4.3.3.1. Website Tree Options
4.3.3.2. URI Information
4.3.3.3. Objects Information
4.3.3.4. Viewing URI details
4.3.4. Inspecting Events List
4.3.4.1. Vulnerabilities
4.3.4.2. Objects
4.3.5. Managing Scan Engine Options
4.3.5.1. Debugging Scan Engine Transactions
4.3.5.2. Save Scan Session
4.3.5.3. General Engine Option
4.3.5.4. Spider Options
4.3.5.5. Session Options
4.3.6. Terminating Scan Engine Session
4.4. Resuming Scan Sessions
4.5. Overview of N-Stalker Reports
4.5.1. Technical Report
4.5.2. Executive Report
4.5.3. Comparison Report
5. Configuring Custom Scan Policies
5.1. Creating New Scan Policies
5.1.1. Blank Policy in Wizard Mode
5.1.1.1. Choosing Policy Profile in Wizard Mode
5.1.1.2. Development & QA Profile
5.1.1.3. Infrastructure & Deploy Profile
5.1.1.4. Audit & Pen-test Profile
5.1.1.5. Host Configuration Settings
5.1.2. Blank Policy in Detailed Mode
5.1.2.1. Configuring Development & QA Template
5.1.2.2. Configuring Infrastructure & Deploy Template
5.1.2.3. Configuring Audit & Pen-test Template
5.1.2.4. Configuring General Session Options
5.2. Using Existing Policies as Template
5.2.1. Wizard Mode
5.2.2. Detailed Mode
5.3. Running Saved Custom Policy
6. Creating and Customizing Reports
6.1. Choosing a Report Profile
6.2. Deleting Scan Session Result
6.3. Technical Report
6.4. Executive Report
6.5. Comparison Report
6.6. Using RTF Editor Interface
6.7. RTF Format Options
6.8. PDF Format options
7. Using Signature Editor
7.1. Creating new URI-based signatures
7.1.1. Configuring Vulnerability Info Settings
7.1.2. Configuring URI Signature Settings
7.2. Creating new script-based signatures
7.2.1. Configuring Vulnerability Info Settings
7.2.2. Configuring Vulnerability Info Settings
7.3. Saving Signatures to User’s Database
7.4. Generating a new User’s Database
7.5. Using custom signatures inside N-Stalker
8. Frequently Asked Questions
8.1. License and Installation Questions
8.2. Web Spider Questions
8.3. Scan Engine Questions
Appendix A – Signature Editor ZScript Language Reference
Appendix B – Glossary
Appendix C – HTTP Status Code
Appendix IV – N-Stalker HTTP Signature Database Reference
Appendix V – Recommended links