A: WSSA identifies your web site security risks by looking for weaknesses in your web site code, errors in your web server settings and by detecting the results of viruses, trojans or worms. WSSA does this by scanning your web site from the outside to find system and application vulnerabilities.
WSSA uses technology originally developed for large corporations but is designed, delivered and priced to help every web site owner evaluate and manage their web site security.
A: WSSA is a service we host and maintain. There is no hardware required or software download or installation.
A: WSSA detects all three web site weaknesses:
1) Poorly coded web pages, database connections that allow access to private data, or other problems in any other application that may be available on your web site or server. Examples of this are SQL injection, XSS (cross-site scripting), Remote File Inclusion, PHP/ASP Code Injection, Directory Traversal and File Disclosure. WSSA tests for thousands of known exploits.
2) Viruses, trojans or worms. WSSA's test database contains 'fingerprints' to identify all of these. For example, malicious code may open up a TCP port for unauthorized access from the internet.
3) System misconfiguration. For example, the system administrator may have installed a service using the widely known default user name or password, or may not have installed vital security updates/patches.
WSSA uses an extensive library of known security issues to comprehensively scan and detect vulnerabilities that are caused by the above three scenarios.
SQL Injection tests are done as follows:
A: No, WSSA does not require any software agents on any system.
A: A firewall is vital and protects networks, web sites, web servers and web applications from unauthorized access. However, if an attacker uses authorized access points, a legitimate IP address and a port which is meant to be open, just like a site visitor would, the firewall will not stop them. Your best defense is to find the weaknesses that may exist in your code, server or applications, and fix them.
A: Yes. Anti-virus software is designed to protect a system from incoming, known viruses, worms & trojans. WSSA is designed to locate weaknesses that could allow unwanted human access (and thus damage or loss of data) to your site. As such, WSSA complements anti-virus solutions in protecting your system.
A: WSSA locates risks and recommends solutions, which your webmaster will install and test to ensure they are working properly. Solutions often involve updating software with patches provided by its developers, or changing settings to close ports that don't need to be open. Some involve simple things like changing default passwords that were provided with new applications and accidentally left in place.
A: As scanning is essentially a vulnerability assessment, WSSA sends out packets that are much like those used by a hacker. As such, an IPS/IDS in the network may report a WSSA scan.
A: Just email Support@BeyondSecurity.com, or call: +1-800-801-2821. Your current service period will run to its end and then your account will be suspended. You can re-activate your account at any time.
A: The Seal is included in Basic and Advanced service levels. After you have completed your initial scan and have resolved your risks, simply download and install the seal.
A: Your Web developer or Web site administrator can download the seal script from your WSSA account and add it to the appropriate pages.
A: The seal is easy to install and will display soon.
A: Display the Beyond Security Seal on every page where you ask a visitor to enter personal data or a password. Also, displaying the seal on your home page will encourage visitors to start shopping.