- Assess and manage the security of customer networks,web sites, and web applications
- Deliver compliance reports for PCI, HIPAA, SOX, GLBA, others
- Highest accuracy testing available eliminates the ‘false positive run-around’
- Differential reporting alerts you to changes or additions to your networks.
- Low bandwidth requirements allows testing during working hours
- No software or agents to install or maintain
How It Works:
1. Port Scan – Web Site Security Audit will investigate all services on all ports on all web servers (web, FTP, mail, Exchange and SQL) plus your firewalls. Whether you have just a blog, or a complex network, we’ll find your open ports and detect what services are running on those ports.
2. Vulnerability Scan – At every open port we’ll identify every service present and determine how it is configured. These services and configurations are compared to our database of thousands of vulnerabilities. If there is a potential vulnerability, we will actively test it to determine if a weakness exists.
3. Web Site Scan – WSS crawls every page of your site and tests every possible entry point against every family of security risk. We have the most in-depth, automated testing for SQL injection and Cross Site Scripting (XSS) available.
4. Reporting – Our detailed report classifies the risks discovered according to their potential severity. Executive summaries track your overall security ‘grade’ over time and your progress in eliminating issues.
5. Analysis – Each report includes recommendations on how to handle each security risk.
- Site owners can use WSS to evaluate hosts and service providers. Get the specifics your staff and vendors need to take action and the documentation you need to confirm repairs.
- For Hosts and IT staff: Use WSS to appraise decision makers of the importance of security issues and provide proof that all issues are resolved and your site is clean.
6. Certification – Display the Web Site Security Seal: Improve your visitor’s confidence and your sales.