What is a POC and why do I request it?

A POC (proof of concept) demonstrates how a specific vulnerability can be exploited to attack the application. When we receive a POC request, we revalidate whether the vulnerability really exists and provide you with the proof in the form of screenshots.

How will the first-time scan help me protect my site? / Why should I scan my website?

The scanner will scan your website to identify vulnerabilities. Each page will be scanned for security weaknesses. We will then provide you with a report that reveals the loopholes in your website that you have to reinforce. This helps you protect your website.

How frequently should I scan my website?

Frequent scanning (every day) is essential for websites that store critical information, such as users' financial information, in the database, because new vulnerabilities are released very often. If you do not store confidential information in the database and you rarely change the code on your site, then occasional scanning is enough.

Will your scans interrupt my users?

No. Scans are intended to be run on live sites, imitating attackers in order to find the loopholes in websites. Your clients will not even notice that scanning is in progress.

Is my scan report confidential?

Yes. The results of your scans are confidential.

Do you need my website credentials to perform a scan?

No, we do not require any of your website credentials unless you want to scan authenticated pages.

What is pen testing?

A penetration test, or pen test, is a manual attack on the applications by our experts. Our experts seek out security weaknesses, potentially gaining access to website privileges and data. Such assessments are helpful in finding security flaws that automated scanning misses. Our experts think and attack like hackers so that preventive measures can be created after the testing.

What kinds of website security problems can you detect?

Web Application Scanning and Penetration Testing look for OWASP Top 10 vulnerabilities, badly coded web pages, database connections that allow access to private data, or issues in any other applications such as shopping carts or blogs.

Example: SQL injection, XSS (cross-site scripting), Remote File Inclusion, PHP/ASP Code Injection, Directory Traversal, and File Disclosure.

We register the results of an attack by a virus, Trojan, or worm.

Example: Malicious code may open a TCP port for unauthorized access from the internet.

System misconfiguration.

Example: A service using a known default username or password, or omitted security updates/patches.

How do I initiate a scan?

Click the Detect tab and, in the Schedule Scan Now widget, click Now to initiate a scan for the website.

How can I download the complete scan report?

Click the Detect tab and, in the Web Application Scan Summary widget, click Download Scan Report to download the complete scan report for the website.

How do I request a POC and Custom Rules?

Click the Detect tab and, in the Vulnerabilities table, select one or more vulnerabilities for which you want to request a POC or Custom Rules. Then click Request POC to get attack vectors and screenshots for the website, or click Request Custom Rules to protect that particular URL.

What is the Vulnerabilities table and why is it useful?

After a scan is performed, all the vulnerabilities that are found are listed in the Vulnerabilities table. Select a vulnerability and click Request POC or Request Custom Rules.

What happens if I Request POC or Custom Rules before selecting any vulnerability?

An error message is displayed asking you to select vulnerabilities.