- What is a POC and why do I request it?
- How will the first time scan help me in protecting my site? / Why should I scan my website?
- How frequently should I scan my website?
- Will your scans interrupt my users?
- Is my scan report confidential?
- What is Pen testing?
- What kinds of website security problems can you detect?
- How do I initiate a scan?
- How do I request Pen testing?
- How can I download the complete scan report?
- How do I request a POC and Custom Rules?
- What is the Vulnerabilities table and why is it useful?
- What happens if I Request POC or Custom Rules before selecting any vulnerability?
A POC (proof of concept) demonstrates how a specific vulnerability can be exploited to attack the application. When we receive a POC request, we revalidate whether the vulnerability really exists and provide you with the proof in the form of screenshots.
The scanner scans your website to identify vulnerabilities. Each page is scanned for security weaknesses. We then provide you with a report that reveals the loopholes in your website that you have to reinforce. In this way the scan helps you protect your website.
Frequent scanning (every day) is essential if the website stores critical information, such as users' financial information, in the database, because new vulnerabilities are released very often. If you do not store confidential information in the database and you rarely change the code on your site, then occasional scanning is enough.
No. Scans are intended to run on live sites, imitating attackers to find the loopholes in websites. Your clients will not even notice that scanning is in progress.
Yes. The results of your scans are confidential.
No, we do not require any of your website credentials unless you want to scan authenticated pages.
A penetration test, or pen test, is a manual attack by our experts on the applications. Our experts seek security weaknesses, potentially gaining access to website privileges and data. Such assessments are helpful in finding security flaws that automated scanning misses. Our experts think and attack like hackers so that preventive measures can be created after the testing.
Web Application Scanning and Penetration Testing look for OWASP Top 10 vulnerabilities, badly coded web pages, database connections that allow access to private data, and issues in any other applications such as a shopping cart or blogs.
Example: SQL injection, XSS (cross-site scripting), Remote File Inclusion, PHP/ASP Code Injection, Directory Traversal, and File Disclosure.
We register the results of an attack by a virus, Trojan, or worm.
Example: Malicious code may open a TCP port for unauthorized access from the internet.
Example: A service using a known default username or password, or omitted security updates/patches.
Click the Detect tab and, in the Schedule Scan Now widget, click Now to initiate a scan for the website.
Click the Detect tab and, in the Web Application Scan Summary widget, click Download Scan Report to download the complete scan report for the website.
Click the Detect tab and, in the Vulnerabilities table, select one or more vulnerabilities for which you want to request a POC or Custom Rules. Then click Request POC to get attack vectors and screenshots for the website, or click Request Custom Rules to protect that particular URL.
After a scan is performed, all the vulnerabilities that are found are listed in the Vulnerabilities table. Select the vulnerability and click Request POC or Request Custom Rules.
An error message will be displayed asking you to select vulnerabilities.