Web Server Analysis
Security attacks are a major concern in today’s networked world. Hackers and crackers are only part of the online security and privacy problem. At STEALTH – ISS® Inc, we provide you with risk assessments that address all areas of online integrity, from hacking and cracking to SSL and application security.
Web-based applications often provide back-end access to confidential business-critical data. Web-application security has to safeguard enterprise systems without sapping the strength from the Web-based technologies on which they rely.
We use various tools such as Syhunt Suite and our know-how to secure web servers, application servers, and web application environments that are susceptible to a growing variety of preventable attacks, including buffer overflow, parameter tampering, cross site scripting, unauthorized access, and other remotely-triggered attacks.
Our security analysis of your web server include:
- More than 56,000 security checks for all leading web server platforms
- Scans for SANS Top Twenty vulnerabilities (W1, W6 and U3)
- Web servers scans for OWASP Top 10 2004 vulnerabilities
- Scans web pages (ASP, PHP, ColdFusion, CGI and more)
- Scans devices such as routers and firewalls that run web sites
- Specifically scan for SANS Top 20 vulnerabilities
- Perform destructive and non-destructive scans
- Testing of intrusion detection systems
- HTTP and HTTPS (SSL) protocols
- Proxy servers and proxy authentication
- Host authentication
- Bugtraq, CVE (and CAN)
- Produces simple, easy to read HTML reports
- Forceful Browsing attacks — to access to restricted parts in the web server directory
- Proactive attacks — not only known vulnerabilities, but also potential new ones
- Baseline Security Scans — ensures security against outdated server software
- Exploit Terminal tests
- Mapping all the web server’s content and scans the content for threats
- For all types of web servers, such as Unix, Linux or NT
Application Security Testing
Security issues are among the highest concerns to many organizations. Despite this fact, security testing is often the least understood and least defined task. Security testing is a broad effort that requires a domain of expertise beyond traditional software testing. In particular, application software security testing is very different from software functionality testing.
STEALTH – ISS® will analyze the critical components of a Web-based portal, e-commerce application, or Web platform, that go beyond the standard hacking, attacking and security tests.
Our professional team uses manual techniques and hundreds of appropriate tools the assessment pinpoints specific vulnerabilities and identifies underlying problems as well as take a closer look at your application code and assess the risks, providing you will full reports about all backdoors, database risks as well as solutions on how to fix these.
Please contact us for more details and to provide you with a quote.