Designed for the Enterprise, WSSA is Now Available to Everyone.
WSSA Site Security Scanning Background
Before web site attacks became a highly automated activity run through large botnets, attacks were launched by smart and ruthless hired guns for strictly financial and political reasons. WSSA was created and hardened in the heat of those battles.
The attacks your site experiences daily are based on well known and established application weaknesses or code errors on your web pages. These known exploits are put into easy-to-use scripts and distributed to the thousands of slaved computers that make up a botnet. This army of servers has the time and energy to search for small sites which have even minor security risks and do mischief. These attacks use an automated probing tool that verifies a weakness exists. Once such 'low hanging fruit' is found, the botnet manager is notified that your site has been breached and he looks deeper to see what assets he can find.
Using a cluster of vulnerability scanning servers located at Beyond Security's premises, scanning is done over the Internet on the IP addresses you provide. This shows a clear picture of your site and its server as seen by potential external attackers. We will not ask you to make any configuration changes: don't open any ports for us, or disable any running defense mechanisms. We are trying to give you an accurate 'hacker's view' of your network.
WSSA Risk Assessment
WSSA can detect any vulnerability present on TCP and UDP ports exposed to the outside network (i.e. Internet). Vulnerabilities could be on your SMTP server, in an inadvertently exposed LDAP or even X11. Any of these avenues (and dozens more) can be used by a hacker to circumvent your operating system security and in turn gain access to a server and from there any other computer connected to your system.
Servers scanned include Web, FTP, Mail, Exchange and SQL, plus Firewalls. Scans are not limited by operating system and the service includes general security tests, along with specific tests for Windows 9x/NT/2000/XP/Vista, UNIX, Linux (Ubuntu, Debian, RedHat, Fedora, and others), Novell, AS-400, Mainframe, etc. Among these tests are special firewall and network router checks, application level tests, and close to 5,000 other test groups that cover well over 10,000 vulnerabilities.
WSSA Risk Updates
The WSSA vulnerability test database is updated on daily basis from the SecuriTeam.com knowledge base, ensuring that you are always checked against the latest threats and vulnerabilities. WSSA service does not require any kind of software installation on hosts or servers. It will scan such items as databases or operating systems without the need for additional agents. WSSA is cost efficient and comprehensive.