WSSA Site Security Scanning Background
Well before hacking became a 'fashionable' activity of bored, affluent geeks who compare conquests like they compare game scores, network and site attacks were launched by highly trained, smart and ruthless hired guns for strictly financial and political reasons. WSSA was created and hardened in the heat of those battles.
The attack you eventually experience will very likely be one that was originally used against a large corporate site. These ploys are put into easy-to-use scripts and eventually fall into the hands of tens of thousands of weekend warriors often called "script-kiddies". This army of hackers-in-training has the time and energy to search for small sites which have even minor security risks and do mischief. Most of these attacks use an automated probing tool that searches for vulnerable web sites. Once such 'low hanging fruit' is found, the attacker starts looking deeper to see what they can gain.
WSSA Infrastructure
Using a cluster of vulnerability scanning servers located at Beyond Security's premises, scanning is done over the Internet on the IP addresses you provide. This shows a clear picture of your site and its server as seen by potential external attackers. We will not ask you to make any configuration changes: don't open any ports for us, or disable any running defense mechanisms. We are trying to give you an accurate 'hacker's view' of your network.
WSSA Risk Assessment
WSSA can detect any vulnerability present on TCP and UDP ports exposed to the outside network (i.e. Internet). Vulnerabilities could be on your SMTP server, in an inadvertently exposed LDAP or even X11. Any of these avenues (and dozens more) can be used by a hacker to circumvent your operating system security and in turn gain access to a server and from there any other computer connected to your system.
Servers scanned include Web, FTP, Mail, Exchange and SQL, plus Firewalls. Scans are not limited by operating system and the service includes general security tests, along with specific tests for Windows 9x/NT/2000/XP/Vista, UNIX, Linux (Ubuntu, Debian, RedHat, Fedora, and others), Novell, AS-400, Mainframe, etc. Among these tests are special firewall and network router checks, application level tests, and close to 5,000 other test groups that cover well over 10,000 vulnerabilities.
WSSA Risk Updates
The WSSA vulnerability test database is updated on daily basis from the
SecuriTeam.com knowledge base, ensuring that you are always checked against the latest threats and vulnerabilities. WSSA service does not require any kind of software installation on hosts or servers. It will scan such items as databases or operating systems without the need for additional agents. WSSA is cost efficient and comprehensive.
beSTORM
