The Technology

WSSA Site Security Scanning Background

Well before hacking became a 'fashionable' activity of bored, affluent geeks who compare conquests like they compare game scores, network and site attacks were launched by highly trained, smart and ruthless hired guns for strictly financial and political reasons. WSSA was created and hardened in the heat of those battles.

The attack you eventually experience will very likely be one that was originally used against a large corporate site. These ploys are put into easy-to-use scripts and eventually fall into the hands of tens of thousands of weekend warriors often called "script-kiddies". This army of hackers-in-training has the time and energy to search for small sites which have even minor security risks and do mischief. Most of these attacks use an automated probing tool that searches for vulnerable web sites. Once such 'low hanging fruit' is found, the attacker starts looking deeper to see what they can gain.

WSSA Infrastructure

Using a cluster of vulnerability scanning servers located at Beyond Security's premises, scanning is done over the Internet on the IP addresses you provide. This shows a clear picture of your site and its server as seen by potential external attackers. We will not ask you to make any configuration changes: don't open any ports for us, or disable any running defense mechanisms. We are trying to give you an accurate 'hacker's view' of your network.

WSSA Risk Assessment

WSSA can detect any vulnerability present on TCP and UDP ports exposed to the outside network (i.e. Internet). Vulnerabilities could be on your SMTP server, in an inadvertently exposed LDAP or even X11. Any of these avenues (and dozens more) can be used by a hacker to circumvent your operating system security and in turn gain access to a server and from there any other computer connected to your system.

Servers scanned include Web, FTP, Mail, Exchange and SQL, plus Firewalls. Scans are not limited by operating system and the service includes general security tests, along with specific tests for Windows 9x/NT/2000/XP/Vista, UNIX, Linux (Ubuntu, Debian, RedHat, Fedora, and others), Novell, AS-400, Mainframe, etc. Among these tests are special firewall and network router checks, application level tests, and close to 5,000 other test groups that cover well over 10,000 vulnerabilities.

WSSA Risk Updates

The WSSA vulnerability test database is updated on daily basis from the SecuriTeam.com knowledge base, ensuring that you are always checked against the latest threats and vulnerabilities. WSSA service does not require any kind of software installation on hosts or servers. It will scan such items as databases or operating systems without the need for additional agents. WSSA is cost efficient and comprehensive.

Features

Pricing

Sample Report

Security Seal

Experience

Compare to HackerSafe

Scan? Antivirus? Both?

Scanning Tech

FAQs

Case Studies

Product Family

WSSA is our hosted scanning solution for web sites, web servers and all internet facing IP addresses.

For internal scanning of networks consisting of any number of servers, ports or IP addresses, please consider our appliance-based solution: AVDS.