I did a test run on a finished website using IBM Appscan and it returned a bunch of errors with a lot to do with the drupal search form block. Here's an extract of one of the errors:
[13 of 37] Parameter Value Overflow
Severity: High
Test Type: Application Invasive
Vulnerable URL: http://[my-web-address]/contact
CVE ID(s): N/A
CWE ID(s): 120
Remediation Tasks: Limit the length of input fields to avoid buffer overflow
Variant 1 of 5 [ID=97491]
The following changes were applied to the original request:
• Set parameter 'form_build_id's value to
'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAA...
**Request/Response:**
This request/response contains binary content, which is not included in generated
reports.
**Validation In Response:**
N/A
**Reasoning:**
The test caused the server to stop responding (an erroneous response was returned, such as cut
connection or time out). The original request was then resent and also failed, confirming that the
server had stopped responding.
Appreciate any pointers on what needs to be done, thanks.