Hosted Security WebScan

 

How secure is the code running your online applications? How can you ensure that your online applications are hacker resilient and can withstand common web application hacking techniques such as SQL Injection or Cross Site Scripting?

 

Tight deadlines and nonexisting requirements on the application results in bad code in the web application layer. Vulnerabilities such as SQL Injeciton and Cross Site Scripting can leave your site open for hackers. The hackers have improved in exploitation of these vulnerabilities in the past years. Nine out of ten websites are have flaws in the application layer that could enable an attacker to gain control of your online business.

 

Saragosta helps our customers to take control over their security issues by providing solutions and services that help identify and remove any security risk the company might have in its web applications or its systems environment by using the latest technology and the strongest competencies in the market.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Hosted Security WebScan is a next generation security scanning tool that provides automated vulnerability discovery in web applications. Hosted Security WebScan addresses the challenges related to assessing the security of dynamic, complex, web-enabled environments by offering scheduled web application security scans.

 

Hosted Security WebScan systematically detects web application vulnerabilities in any online business in real time and on a continuing basis.

 

Firewalls are not enough

 

Hosted Security WebScan works beyond IDS and firewalls using allowed ports and protocols to identify vulnerabilities in web-applications, inspecting the customers publicly accessible domain. Firewalls and other traditional intrusion prevention mechanisms are not able to detect application level attacks.

 

Companies today live in a false sense of security; the security level is high, based on an assumption that traditional scans such as Hosted Security SystemScan combined with a firewall can prevent intrusion. Web application attacks traverse legal protocols such as HTTP and HTTPS, in an attempt to exploit functionality within a web application - ultimately bypassing the perimeter defences.

 

Hosted Security WebScan Technology

 

 

Hosted Security WebScan implements an intelligent technology not seen in any other automated web application assessment tools. This intelligent technology includes textual analysis of the web application's content, enabling unique, linguistic attacks. Hosted Security WebScan was developed to test online applications of any size.

 

 

 

Hosted Security WebScan Vulnerabilities Covered

 

Hosted-Security WebScan - Coverage

Corporate WebSite

 

Extranet

 

B2B Online Applications

 

SOAP Enabled Applications

 

Intranet

 

WebMail + Calendar

 

Any online application utilizing http/https for communication

 

Hosted Security WebScan tests for a number of different vulnerabilities.

 

These include the following:

Cross Site Scripting

 

SQL Injection

 

Hidden SQL Injection

 

Command Injection

 

Unauthorized File Access

 

Cookie Poisoning

 

Parameter Tampering

 

Forceful browsing

 

WebDav Vulnerabilities

 

Forceful Browsing based on textual analysis

 

Textual Analysis - Suspicious Content

 

Authentication Bypassing

 

Simple Object Access Protocol Vulnerabilities (SOAP)

 

Stealth Commanding

 

2 phase Cross Site Scripting Discovery

 

 

Extending the Security Audits to your System by applying  Hosted Security SystemScan

 

Hosted Security SystemScan is a internet security scanning tool, which provides automated vulnerability discovery in platforms and the services provided by the platform. Such vulnerabilities include common high risk vulnerabilities in among others, web server software and operating systems.

 

Hosted Security SystemScan Technology

 

Hosted Security SystemScan uses a unique combination of different security products, individually regarded as IT security industry standards, combined with software designed and developed by us, to further increase the effectiveness of these products.

 

As new vulnerabilities are appearing frequently, Hosted Security SystemScan is under continuous development in order to stay one step ahead of the attacker.

 

A regular SystemScan will help keep you up-to-date with respect to current security vulnerabilities and their solutions.

 

SystemScan presently detects more than 4000 vulnerabilities.

 

Hosted Security WebScan Coverage

  • Corporate WebSite
  • Extranet
  • B2B Online Applications
  • SOAP Enabled Applications
  • Intranet
  • WebMail + Calendar
  • Any online application utilizing http/https for communication

 

Hosted Security SystemScan Coverage

  • Web Servers
  • Firewalls
  • Routers and switches
  • Mail servers
  • Antivirus gateways
  • VPN networks
  • DNS servers
  • Desktop units
  • Domain servers
  • (list not inclusive)

 

Hosted Security Reporting

 

We understand that some businesses do not employ IT security experts, while other businesses have highly trained IT security experts.

 

It is for this reason we have developed a reports structure that is customized to meet different customer requirements. The different report sections are designed to provide the most cost-effective solution for each customer. Hosted Security reports are divided into 3 major parts to enable customers to customize the IT security scanning solution to further fit their needs.

 

These 3 parts include:

  • Hosted-Security Scan Report
  • Hosted-Security Excutive Summary
  • Hosted-Security Expert Review

All 3 parts are designed to complement each other and can be delivered individually or combined to form one report.

 

 

 

 
 
ul. Wielicka 33A - 02-657 Warszawa - T: +48 22 853 50 26 - F: +48 22 853 50 27 - e-mail: Saragosta@saragosta.com