Pencheff combines deterministic scanners, AI-guided probes, curated payloads, external tools, and evidence normalization so every signal lands in one remediation workflow.
Runtime DAST
Injection coverage
SQLi, NoSQLi, command injection, SSTI, XXE, LDAP, path traversal, and deserialization.
Findings, reports, dashboards, exports, integrations, and retests all read from the same normalized record.
Pencheff favors repeatable checks, then uses AI for triage, enrichment, orchestration, and remediation where it adds signal.
Coverage
What does Injection coverage test?
- SQLi, NoSQLi, command injection, SSTI, XXE, LDAP, path traversal, and deserialization.
- This page is part of Capabilities under Dynamic Testing.
- It links back into the broader "from live exploits to source-code proof" experience.
- Passive and active reconnaissance, technology fingerprinting, endpoint inventory, and crawl expansion.
- Authenticated crawling for SPAs, role-aware flows, cookies, headers, JWTs, OAuth/OIDC, and MFA-sensitive areas.
- Injection coverage for SQL, NoSQL, command, SSTI, XXE, SSRF, LDAP, deserialization, path traversal, and file upload abuse.
- Client-side and protocol checks for XSS, DOM XSS, CSRF, CORS, clickjacking, cache poisoning, redirects, headers, WebSockets, and GraphQL.
- Verification probes that promote high-confidence results into replayable findings with request and response context.
Execution
How does Pencheff run this?
- Create a URL or API target with scope, auth material, allowed hosts, and rate limits.
- Map the surface with recon, crawl, endpoint discovery, and optional OpenAPI or traffic-derived routes.
- Run profile-controlled checks from quick validation through deep exploit-chain analysis.
- Re-test candidate issues with focused probes before they become confirmed findings.
- Attach evidence, severity, remediation, and compliance mappings to the unified findings stream.
Evidence
What evidence does this produce?
- HTTP request and response excerpts, affected URL, parameter, method, status code, and payload family.
- OAST callbacks, browser screenshots, chain notes, and exact reproduction steps where applicable.
- Authentication context, role assumptions, session notes, and guardrails used during assessment.
- OWASP, CWE, PCI DSS, SOC 2, ISO 27001, NIST, and HIPAA mappings for audit readers.
Controls
How is this kept safe to run?
- Scope allow-lists, profile depth, time budgets, and evidence requirements bound active testing.
- State-changing and destructive behavior can be constrained by target policy and profile selection.
- Findings are deduplicated against existing scan history and can be re-examined on demand.
- Authenticated material is scoped to the target and treated as assessment-only input.
FAQ
Common questions
- What injection vulnerability classes does Pencheff test?
- Pencheff tests SQL injection (error-based, blind, time-based), NoSQL injection, OS command injection, server-side template injection (SSTI), XML external entity injection (XXE), SSRF, LDAP injection, insecure deserialization, and prototype pollution.
- How does Pencheff confirm an injection vulnerability is real?
- Pencheff uses out-of-band (OAST) callbacks for blind injection classes — the payload causes the target to make an out-of-band DNS or HTTP request to a Pencheff-controlled endpoint, providing conclusive proof of injection without relying on error messages.
- Does Pencheff test for SQL injection in APIs as well as web forms?
- Yes. Pencheff discovers and fuzzes both HTML form parameters and JSON/XML API request bodies, including deeply nested objects, array items, and GraphQL variables.
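The pipeline described under Execution, Evidence and Controls, together with the OAST confirmation in the FAQ, can be sketched as one data flow: every candidate is normalized into a single record, re-scans merge into that record instead of duplicating it, and a blind-injection candidate is promoted to confirmed only when a callback arrives for the unique token its probe planted. The following Python is an added illustration, not Pencheff's code; the class names, the `oast.example` collector domain, the CWE mapping choices and the sample findings and callbacks are all constructed assumptions.

```python
"""Normalized finding record with deduplication and OAST-callback promotion.

Added illustration, not Pencheff code: class names, the ``oast.example``
collector domain, and every sample value below are constructed assumptions.
"""
import hashlib
import secrets
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Standard CWE ids for the payload families the page lists.
CWE_BY_FAMILY = {
    "sqli": "CWE-89",
    "nosqli": "CWE-943",
    "cmdi": "CWE-78",
    "ssti": "CWE-1336",
    "xxe": "CWE-611",
    "ssrf": "CWE-918",
    "ldapi": "CWE-90",
    "path_traversal": "CWE-22",
    "deserialization": "CWE-502",
}

CALLBACK_DOMAIN = "oast.example"  # hypothetical collector domain


@dataclass
class Finding:
    url: str
    method: str
    parameter: str
    family: str
    status: str = "candidate"          # "candidate" until a probe confirms it
    cwe: str = ""
    evidence: list = field(default_factory=list)
    seen: int = 1                      # how many scans produced this record

    def __post_init__(self):
        self.cwe = CWE_BY_FAMILY.get(self.family, "")

    @property
    def fingerprint(self) -> str:
        """Stable key: method + canonical URL + parameter + payload family.
        Query string, fragment, host case and trailing slash are volatile and dropped."""
        parts = urlsplit(self.url)
        canonical = f"{parts.scheme}://{parts.netloc.lower()}{parts.path.rstrip('/') or '/'}"
        raw = "|".join([self.method.upper(), canonical, self.parameter, self.family])
        return hashlib.sha256(raw.encode()).hexdigest()[:16]


class FindingStore:
    """One normalized record per fingerprint; re-scans merge instead of duplicating."""

    def __init__(self):
        self._by_key: dict = {}          # fingerprint -> Finding
        self._oast_tokens: dict = {}     # token -> fingerprint

    def add(self, finding: Finding) -> Finding:
        existing = self._by_key.get(finding.fingerprint)
        if existing is None:
            self._by_key[finding.fingerprint] = finding
            return finding
        existing.seen += 1
        existing.evidence.extend(finding.evidence)
        return existing

    def issue_oast_hostname(self, finding: Finding) -> str:
        """Unique hostname for one blind probe; a lookup of it is proof for exactly this record."""
        token = secrets.token_hex(6)
        self._oast_tokens[token] = finding.fingerprint
        return f"{token}.{CALLBACK_DOMAIN}"

    def record_callback(self, queried_name: str, source_ip: str) -> Optional[Finding]:
        """Correlate an observed DNS query with the probe that planted it and promote the finding."""
        labels = queried_name.lower().rstrip(".").split(".")
        if ".".join(labels[1:]) != CALLBACK_DOMAIN:
            return None
        key = self._oast_tokens.pop(labels[0], None)
        if key is None:
            return None  # unknown or already-used token: no promotion
        finding = self._by_key[key]
        finding.status = "confirmed"
        finding.evidence.append(f"OAST DNS callback for {queried_name} from {source_ip}")
        return finding

    def confirmed(self) -> list:
        return [f for f in self._by_key.values() if f.status == "confirmed"]

    def __len__(self):
        return len(self._by_key)


def demo() -> FindingStore:
    """Constructed walk-through: one blind-SQLi point seen twice, one SSRF candidate."""
    store = FindingStore()
    a = store.add(Finding("https://app.example/api/users?id=7", "get", "id", "sqli",
                          evidence=["constructed: 5s delay on time-based payload"]))
    store.add(Finding("https://APP.example/api/users/?id=9", "GET", "id", "sqli",
                      evidence=["constructed: 5s delay on retest"]))
    store.add(Finding("https://app.example/api/fetch", "POST", "url", "ssrf"))
    host = store.issue_oast_hostname(a)
    # Constructed collector log: one genuine callback and one unrelated lookup.
    store.record_callback(host, "203.0.113.10")
    store.record_callback("zzzz.oast.example", "203.0.113.10")
    return store


if __name__ == "__main__":
    s = demo()
    for f in s.confirmed():
        print(f.status, f.cwe, f.method, f.url, f.parameter, f.seen, f.evidence)
```

The fingerprint deliberately excludes query values and response details, so the same injection point reported by two scans with different probe values collapses into one record whose evidence list grows, which is what makes "re-examine on demand" and retests read from the same history. The callback path is one-shot per token: a second lookup of a used token, or a lookup of an unknown token, promotes nothing, so stray DNS traffic to the collector cannot confirm a finding by accident.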