Q: What is WSSA - Web Site Security Audit?
A: WSSA is a security testing service that helps organizations reduce their web-based security risk by managing their vulnerabilities. It does this proactively, periodically scanning their internet-facing web sites or IP addresses for system and application vulnerabilities from an attacker's perspective.
WSSA is designed, delivered and priced so that companies of any size and IT complexity can manage their security testing effectively from a single administration console, backed by a distributed scanning architecture.
Q: Is WSSA a hardware or software solution?
A: WSSA is a service we host and maintain. No hardware or software installation is required.
Q: What kinds of vulnerabilities does WSSA detect?
A: There are three scenarios in which a web site or internet-facing IP address can be vulnerable.
1) The operating system or a network application is poorly coded, allowing attackers to exploit software flaws.
2) The operating system or an application is infected with viruses, trojans or worms. In these cases the malicious code may open a TCP port for unauthorized access from the internet.
3) The system is misconfigured. One example is an administrator who did not set a password on the administrative interface of an application.
WSSA uses an extensive library of known security issues to scan for and detect vulnerabilities arising from all three scenarios.
Q: Does WSSA require installation of agents on the systems that are to be scanned?
A: No, WSSA does not require any software agents on any system.
Q: Doesn't a firewall protect against intrusions originating on the internet?
A: A firewall can only protect a web site and its customer database from connections it has been configured to block. If an attacker connects from an ordinary IP address to a port that is meant to be open, the firewall passes the traffic and will not detect that an intrusion has taken place. WSSA is deployed outside the network, so it scans through the firewall the same way an attacker would and reports to the Security Administrator if a system can be exploited.
Q: Do I need both anti-virus software and WSSA?
A: Yes. Anti-virus software is designed to protect a system from malicious code (viruses, worms and trojans). WSSA scans from across the internet and locates vulnerabilities at any point of contact. Such vulnerabilities are often caused not by malicious code but by legitimate applications that are unpatched or poorly configured. WSSA therefore complements anti-virus solutions in protecting your systems.
Q: Does WSSA do repairs when vulnerabilities are discovered?
A: No, WSSA does not apply fixes; it locates risks and recommends solutions. Following good Information Security Management System (ISMS) practice, every patch must be tested and verified before it is deployed.
Q: Does a WSSA scan look like an attack to an Intrusion Detection System (IDS) or Intrusion Prevention System (IPS)?
A: Yes, it can. Because scanning is essentially a vulnerability assessment, WSSA sends packets much like those an attacker would use, so an IDS/IPS in the network may treat a WSSA scan as a malicious attack.
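The practical consequence of the previous answer is that a scheduled scan should be recognised as such rather than having its alerts dismissed one at a time. The following Python snippet is an added example, not part of this FAQ or of WSSA: it finds port sweeps in a constructed firewall log and tags sweeps from an assumed scanner address range as the authorized scan, leaving any other sweep for an analyst. The log format, the `203.0.113.0/24` range and the thresholds are assumptions.

```python
import ipaddress
from collections import defaultdict
from datetime import datetime

# Constructed sample firewall log (not from any real system), one event per
# line: "<ISO timestamp> <src_ip> -> <dst_ip>:<dst_port> <action>"
SAMPLE_LOG = """\
2024-01-15T10:00:00 203.0.113.10 -> 198.51.100.5:21 ACCEPT
2024-01-15T10:00:01 203.0.113.10 -> 198.51.100.5:22 ACCEPT
2024-01-15T10:00:02 203.0.113.10 -> 198.51.100.5:80 ACCEPT
2024-01-15T10:00:03 203.0.113.10 -> 198.51.100.5:443 ACCEPT
2024-01-15T10:00:05 192.0.2.7 -> 198.51.100.5:443 ACCEPT
2024-01-15T10:01:00 192.0.2.99 -> 198.51.100.5:22 ACCEPT
2024-01-15T10:01:01 192.0.2.99 -> 198.51.100.5:23 DROP
2024-01-15T10:01:02 192.0.2.99 -> 198.51.100.5:445 DROP
2024-01-15T10:01:03 192.0.2.99 -> 198.51.100.5:3389 DROP
"""

# Placeholder standing in for the ranges your scanning provider publishes
# for its scan engines; WSSA's real ranges are not given on this page.
AUTHORIZED_SCANNER_NETS = [ipaddress.ip_network("203.0.113.0/24")]

def parse_events(log_text):
    """Yield (timestamp, src_ip, dst_port); malformed lines are skipped."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[2] != "->":
            continue
        yield (datetime.fromisoformat(parts[0]), parts[1],
               int(parts[3].rsplit(":", 1)[1]))

def find_port_sweeps(log_text, min_ports=4, window_seconds=60):
    """Sources touching >= min_ports distinct ports within window_seconds."""
    by_src = defaultdict(list)
    for ts, src, port in parse_events(log_text):
        by_src[src].append((ts, port))
    sweeps = {}
    for src, events in by_src.items():
        events.sort()
        for i, (start, _) in enumerate(events):  # window opening at each event
            ports = {p for t, p in events[i:]
                     if (t - start).total_seconds() <= window_seconds}
            if len(ports) >= min_ports:
                sweeps[src] = sorted(ports)
                break
    return sweeps

def triage(log_text):
    """Tag each sweep: the scheduled scanner vs. a source an analyst must review."""
    return {src: "authorized-scan" if any(ipaddress.ip_address(src) in n
                                         for n in AUTHORIZED_SCANNER_NETS)
            else "unknown-sweep" for src in find_port_sweeps(log_text)}
```

Running `triage(SAMPLE_LOG)` labels the scanner range as the expected scan and the unrelated sweep for review, while the single normal client connection produces no alert at all.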
Beyond Security Seal:
Q: What does the Beyond Security Seal cost?
A: The Seal is included in the Basic and Advanced service levels. Once you have completed your initial scan and resolved the risks it found, simply download and install the seal.
Q: How do I install the Beyond Security Seal on my Web site?
A: Your Web developer or Web site administrator can download the seal script from your WSSA account and add it to the appropriate pages.
Q: How soon will the Beyond Security Seal display on my site?
A: The seal is easy to install and will display immediately.
Q: How can I get the best results with my Beyond Security Seal?
A: Display the Beyond Security Seal on every page where you ask a visitor to enter personal data or a password. Also, displaying the seal on your home page will encourage visitors to start shopping.
WSSA is a hosted solution; an appliance-based solution is also available.