Web Security

Reconnaissance, vulnerability scanning, headers, SSL/TLS, auth, and API testing.

Overview

Diverg's web security capabilities cover infrastructure discovery, vulnerability detection, and configuration analysis. They follow established methodologies (OWASP, PTES) and produce structured findings with severity and evidence. All of this runs in the same workflow as blockchain and OSINT, so you get one correlated view.

Reconnaissance

Before diving into vulnerabilities, Diverg maps the target:

  • Port scanning: Open ports with service detection and banner grabbing; nmap is used where available for depth.
  • Subdomain enumeration: DNS brute force and certificate transparency logs to find subdomains and related hosts.
  • Technology fingerprinting: Wappalyzer-style detection of frameworks, servers, and versions so later tests can be tailored.

Vulnerability scanning

Automated checks for common web issues, with proof-of-concept where possible:

  • Cross-site scripting (XSS), SQL injection (SQLi), CSRF, directory traversal
  • Misconfigurations (debug endpoints, default credentials, exposed backups)
  • OWASP Top 10 and other common CWE patterns

Findings include severity, affected URL/parameter, and evidence (e.g. request/response or snippet).

Security headers & SSL/TLS

Analysis of HTTP security headers (CSP, HSTS, X-Frame-Options, etc.) and TLS configuration (certificate validity, cipher suites, protocol versions). The analysis surfaces missing or weak settings that could lead to downgrade or injection risks.

Authentication & API testing

When the target has login or APIs, Diverg can test:

  • Session management, cookie flags (HttpOnly, Secure, SameSite), and user enumeration
  • API endpoint discovery, CORS behavior, auth bypass, and IDOR-style access issues
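The header analysis and cookie-flag checks described above can be sketched as follows. This is an added example, not Diverg's own code: the sample response is constructed, and the severity levels, the 180-day HSTS threshold, and the function names are assumptions.

```python
# Added example: constructed response, assumed severities and thresholds.
SAMPLE_URL = "https://app.example.test/login"
SAMPLE_HEADERS = [  # constructed sample, not captured from a real site
    ("Content-Type", "text/html"),
    ("Strict-Transport-Security", "max-age=3600"),
    ("X-Frame-Options", "DENY"),
    ("Set-Cookie", "session=abc123; Path=/; HttpOnly"),
    ("Set-Cookie", "theme=dark; Path=/; Secure; HttpOnly; SameSite=Lax"),
]
MIN_HSTS_AGE = 15552000  # 180 days, an assumed policy threshold
REQUIRED = {  # header -> assumed severity when absent
    "content-security-policy": "medium",
    "strict-transport-security": "high",
    "x-frame-options": "low",
}

def finding(severity, url, item, evidence):
    """Finding shape follows the page: severity, affected URL/item, evidence."""
    return {"severity": severity, "url": url, "item": item, "evidence": evidence}

def audit(url, headers):
    """Return findings for missing/weak headers and cookie flags."""
    by_name = {}
    for name, value in headers:  # header names are case-insensitive
        by_name.setdefault(name.lower(), []).append(value)
    findings = [finding(sev, url, name, "header missing")
                for name, sev in REQUIRED.items() if name not in by_name]
    for value in by_name.get("strict-transport-security", []):
        ages = [d.split("=", 1)[1].strip().strip('"')
                for d in (p.strip().lower() for p in value.split(";"))
                if d.startswith("max-age=")]
        age = int(ages[0]) if ages and ages[0].isdigit() else 0
        if age < MIN_HSTS_AGE:  # a short max-age leaves a downgrade window
            findings.append(finding("medium", url, "strict-transport-security", value))
    for cookie in by_name.get("set-cookie", []):
        parts = [p.strip() for p in cookie.split(";")]
        cookie_name = parts[0].split("=", 1)[0]
        attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:]}
        for flag in ("httponly", "secure", "samesite"):
            if flag not in attrs:
                findings.append(finding("medium", url, f"cookie:{cookie_name}",
                                        f"{flag} attribute missing: {cookie}"))
    return findings

if __name__ == "__main__":
    for f in audit(SAMPLE_URL, SAMPLE_HEADERS):
        print(f)
```
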

See Skills System for how these fit into the overall skill set, and Reporting for how findings are structured.