What Does VAddy Test?

VAddy is a service that runs end-to-end black box security tests for SQL injection and XSS , Remote file inclusion, Command injection, Directory traversal vulnerabilities on the following:

• URL path parameters
• Web applications that use form-based authentication
• Web applications that use basic access authentication
• Web applications that use SSL
• Forms that use CSRF tokens
• REST API servers—even with JSON request parameters > See also

You can check the requests that VAddy uses to find vulnerabilities; this information allows you to reproduce attacks and fix your web application’s code.

Future plans include tests for:
> persistent (i.e. stored) XSS vulnerabilities
> DOM-based XSS vulnerabilities

Supported CI Tools

• Jenkins
  VAddy Quickstart Guide: Integrating with Jenkins and Using the Web API
  
• CircleCI
  Blog: Continuous Web Security Testing with CircleCI
• Codeship
  Blog: Continuous Web Security Testing with Codeship
• Other CI Services
  VAddy also supports Travis CI, Wercker, and other CI services. As with CircleCI, you can use VAddy’s Ruby client to scan for vulnerabilities and check results.

Other Resources

• Quickstart Guide
  https://support.vaddy.net/hc/en-us/
• Jenkins Plugin
  https://wiki.jenkins-ci.org/display/JENKINS/VAddy+Plugin
• Web API Documentation
  https://github.com/vaddy/WebAPI-document/blob/master/VAddy-WebApi.md
• Ruby Client
  https://github.com/vaddy/vaddy-api-ruby
• go-vaddy: VAddy API command tool
  https://github.com/vaddy/go-vaddy/