|
SQL injection is now the most common web site attack scheme. Attacks on even simple logon forms have been able to gain root level access to servers.
Methods used to prevent SQL injection include:
- Input Validation
- Static query statement (stored procedures)
- Privileges separation
- Code Verification
- Web Application Firewall/Gateway
- SQL Driver Proxy
However, the speed of development and wide distribution of SQL injection toolkits means that prevention steps you may have taken to date are no longer sufficient.
If you spent hours every week studying the literature and building your defenses you may still end up being a target due to some newly released attack strategy.
Your best defense is a strong offense, with WSSA.
Beyond Security keeps up with the newest threats. We'll test your site daily applying the most recently discovered hacking strategies. If your site has a weakness, we'll find and report it to you, along with the most effecient solutions.
Cut the time you spend on web site security in half. Let us test your current security measures and either confirm that your site is tight, or report to you exactly what actions you need to take. Then with each new scan we will immediately inform you if your site is vulnerable to any newly developed hack.
We're so confident that our service will pay for itself we offer this guarantee: If you are unsatisfied for any reason within 30 days of sign-up we will provide a full refund.
WSSA is a complete, automated security scanning solution that looks in through your web site at your web services and servers. It will discover and report on every class of security risk present; giving you the solid facts you need for corrective action. There are dozens of risk classes to look for and thousands of tests that WSSA will perform without interrupting a single customer. And as new attack methods are discovered they are added to the WSSA test list so that you are the first to know of new risks and you can handle them before a hacker comes knocking.
Most important: WSSA is the fastest service available, our reports provide detailed instructions for the correction of security risks and our security professionals are available 24/7.
Securing Your Web Site With WSSA Is:
Fast - Find out NOW if you have issues, not tomorrow or next week! With our standard service you'll get your first vulnerability scan report in just hours.
Easy - There is nothing to install. We'll scan your site remotely over the Internet.
Profitable - Increase your sales by securing your site and displaying our seal. WSSA actually pays for itself by improving customer confidence.
Low Impact - No web site down time. WSSA will not disrupt your operations, interrupt visitors or cut off customers.
Continuous - We'll be silently watching your site every day with our standard service. Any change to your web forms, shopping cart, servers or operating system that exposes you to invasion will be discovered and reported immediately.
Thorough - WSSA scans for tens of thousands of vulnerabilities including SQL injection and cross site scripting. If any combination of equipment, operating systems or software connected with your site has a weakness, we will find it.
Expert - We have over 10 years of security experience. WSSA was originally developed for our Fortune 500 customers; you now have access to this enterprise level service at small business prices.
Flexible - Scan and secure an international enterprise consisting of thousands of IP addresses and hundreds of servers - or just a blog. Services start at just $9.95 a month.
Current - Beyond Security hosts and sponsors SecuriTeam, an internationally recognized source for security news and one of the larget security databases on the Internet. When new attacks show up anywhere in the world we are the first to know and WSSA is immediately updated.
WSSA, Behind the Scenes:
1. Sign up - After providing us with your domain (www.yoursite.com) or IP address we'll send you a verification email with simple instructions on how to confirm you own the web site being scanned. As soon as you complete the verification instructions our system will immediately begin your first test.
2. Port Scan - Our system will determine which ports are open using advanced scanning techniques. We will investigate all services, all servers (web, FTP, mail, Exchange and SQL) plus firewalls. Whether you have just a blog, or a complex network, we'll find your open ports and detect what services are running on those ports.
3. Vulnerability Scan - Your servers must have certain ports open to provide internet services. A web server has at least one port available and unnecessary ports may have been left open by accident, error or from past hacking. Any one port may provide access to dozens of applications. Any one application may be susceptible to hundreds of attacks. At every open port we will find every service available there and determine how it is configured. This data is then compared to our database of thousands of vulnerabilities. If a potential vulnerability is identified, we will test the service to determine if it is susceptible to attack.
4. Web Site Scan - Over half of all security breaches are perpetrated on properly set up servers which happened to be hosting a web site that was not secure. If you have a web form (newsletter sign up, more information form, site search or shopping cart) that is not secure, then no firewall, no server patch in the world can keep a hacker out. WSSA crawls and tests your entire site (or blog, or extranet) for every possible entry point and tests each against every family of site security risk.
5. Reporting - At the conclusion of each scan you will receive a detailed report that classifies the risks discovered according to their potential severity. Our detailed reports also provide executive summaries that non-technical staff can use to track the severity of outstanding issues and progress made in eliminating them.
6. Analysis - Each report includes recommendations on how to handle each security risk. Executives and site owners can use WSSA for third party evaluation of risks and proof of remediation. Provide your IT staff or webmaster with the specifics they need to prioritize, address and reduce security risks.
For IT staff: these reports are exactly what you need to fully appraise decision makers of the importance of handling security issues and to get the time and resources you need.
7. Certification - When your site is secure, display the WSSA Security Seal and get an immediate increase in sales.
Our Guarantee.
Simple! If you are unsatisfied with our service for any reason within 30 days of sign-up we will provide a full refund.
|
WSSA is our hosted scanning solution for internet facing IP addresses. For internal scanning of networks consisting of any number of servers, ports or IP addresses, please consider our appliance-based solution: AVDS.
|
