Speed: Automatically detect technology in use and trim testing
Problem
API Security sends thousands of requests to test an API operation. Many checks have different tests depending on the technology in use, such as a specific database vendor or OS. A typical target doesn't use every database and OS in its architecture, so much of the testing performed isn't useful and takes up time.
We have a related issue to allow manual configuration of technology hints; however, it would be great for the user if we can do this reliably ourselves.
A requirement is to support technology hints at the Route level, allowing multiple routes to be defined, each with a different technology hint. This allows testing a service router that is backed by different technology stacks.
Proposal
Because limiting testing by technology could cause vulnerability misses if we get it wrong, we must have high confidence in any method used to automatically detect technology.
Start with collecting ideas:
- Fingerprinting
- Wappalyzer (issue comment discussing)
- X-Powered-By header (this results in a vulnerability)
- Session cookie name
- Known file extensions in URL (aspx, jsp, php, etc.)
- Stack traces or other debug output
- Form hidden variable names
- SAST
- Vulnerabilities that have technology hints (e.g. SqlInjection or OsCommandInjection)
- Dependency Scanning
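
A sketch of how three of the fingerprinting ideas above (X-Powered-By header, session cookie name, known file extension) could be combined into per-route hints that are only applied when confidence is high. This is an added example, not API Security's own code: the function names, the marker tables and the two-agreeing-signals threshold are assumptions made for illustration, and the observations are constructed.

```python
from collections import Counter
from urllib.parse import urlparse
import posixpath

# Well-known default markers; a deployment can rename or strip any of them.
COOKIE_HINTS = {"PHPSESSID": "php", "JSESSIONID": "java", "ASP.NET_SessionId": "aspnet"}
EXT_HINTS = {".php": "php", ".jsp": "java", ".aspx": "aspnet"}
HEADER_HINTS = {"php": "php", "asp.net": "aspnet", "servlet": "java", "jsp": "java"}
MIN_AGREEING_SIGNALS = 2  # assumption: confidence bar chosen for this sketch


def signals(url, headers, cookie_names):
    """Return the set of (source, technology) signals seen in one response."""
    found = set()
    # Header names are case-insensitive, so normalise before the lookup.
    powered = {k.lower(): v for k, v in headers.items()}.get("x-powered-by", "").lower()
    for marker, tech in HEADER_HINTS.items():
        if marker in powered:
            found.add(("header", tech))
    for name in cookie_names:
        if name in COOKIE_HINTS:
            found.add(("cookie", COOKIE_HINTS[name]))
    ext = posixpath.splitext(urlparse(url).path)[1].lower()
    if ext in EXT_HINTS:
        found.add(("extension", EXT_HINTS[ext]))
    return found


def route_hints(observations):
    """Map route -> technology, or None when evidence is weak or conflicting."""
    per_route = {}
    for route, url, headers, cookies in observations:
        per_route.setdefault(route, set()).update(signals(url, headers, cookies))
    hints = {}
    for route, found in per_route.items():
        # Each (source, tech) pair is unique, so a vote count is a count of sources.
        votes = Counter(tech for _source, tech in found)
        # Trim only when independent sources agree and nothing points elsewhere;
        # None means "no hint", so the full test set still runs for that route.
        confident = len(votes) == 1 and max(votes.values()) >= MIN_AGREEING_SIGNALS
        hints[route] = next(iter(votes)) if confident else None
    return hints


# Constructed sample observations: (route, url, response headers, cookie names).
SAMPLE = [
    ("/shop", "https://api.example.test/shop/cart.php", {"X-Powered-By": "PHP/8.2"}, ["PHPSESSID"]),
    ("/billing", "https://api.example.test/billing/pay", {}, ["JSESSIONID"]),
    ("/legacy", "https://api.example.test/legacy/a.aspx", {"X-Powered-By": "PHP/8.2"}, []),
]
```

With the constructed sample, only `/shop` receives a hint; `/billing` has a single signal and `/legacy` has conflicting ones, so both fall back to full testing rather than risking a missed vulnerability.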