Analyze applications in their running state during testing or operational phases

Support various types of Web Application Analysis

  • Supports analysis ranging from basic HTTP messages to AJAX
  • Detect security vulnerabilities by reproducing various events that can be performed in the browser

Web Based User Interface

  • Ability to perform and view results using a web browser
  • Ability to review security vulnerability trends in web applications via a dashboard

Automated detection of security vulnerabilities in web applications

  • Sparrow Crawler automatically collects subdirectory information and URLs of the web application
  • Detects security vulnerabilities in the collected directories

Major vulnerabilities

  • SQL Injection
  • Path Traversal & Resource Injection
  • Cross Site Scripting
  • OS Command Injection
  • Malicious File Upload
  • URL redirection to untrusted site
  • XPath Injection
  • LDAP Injection
  • HTTP Response Splitting
  • Improper Authentication
  • Integer Overflow
  • Format String Injection
  • Missing authentication for critical function
  • Incorrect permission assignment for critical resource
  • Clear text storage of sensitive information
  • Clear text transmission of sensitive information
  • Improper key length usage
  • Insecure/improper random number usage
  • Weak password requirements
  • Reliance on DNS lookups in a security decision
  • Information exposure through comments
  • Missing or improper restriction of excessive authentication attempts
  • Information exposure through an error message
  • Exposure of data element to wrong session
  • Leftover debug code
  • System data information exposure
  • Cross Site Scripting Forgery
  • Usage of vulnerable API
  • Information Exposure Through Persistent Cookies

Key Features

  • High usability

    • No installation required: simply access web-based user interface to run the analysis
    • Concurrent scanning and easy-to-manage analysis results
  • Powerful analysis

    • Detects security vulnerabilities in a web application's blind spots using browser event replay technology
  • Interaction support

    • Overcomes limitations of dynamic analysis via interaction with other testing tools
  • Analysis reporting

    • Easy-to-read reports with clear vulnerability information and trends
    • Detailed reports with analysis methods, results, and solutions for each vulnerability
  • Latest web application technology analysis

    • Able to analyze web applications that use the latest technologies, including HTML5 and AJAX
  • Multi-user optimized system

    • Enables central management and sharing of analysis results


On Cloud
$250 per scan
Buy 3 or more tickets to get 10% off
On Premise: Perpetual License

Supported Environment

• OS

- Windows 2000 or later, Ubuntu Linux 8.04 or later, Redhat Linux 5 or later, Fedora 8 or later, CentOS 5 or later

• DB

- PostgreSQL (embedded)

System Requirements

• CPU: Quad Core 2.5GHz or better

• RAM: 16G or higher

• HDD: 300G or larger

Guide Standards

• OWASP Top 10 2017

