A world first for Beyond Security - automated Web application vulnerability assessment

Johannesburg, 06 Apr 2004

"Despite diligent administration of operating systems, and improving levels of patch maintenance on most Web servers, thousands of Web sites around the world continue to suffer destructive attacks, compromises and unacceptable levels of down-time." This is according to Craig Reynolds, Technical Manager at Beyond Security South Africa.

"Hackers are often able to take advantage of insecure programming in custom-built Web applications, allowing them to steal customer information, damage corporate Web sites and/or plant malicious code; and the situation is bound to continue until companies have an efficient mechanism for effectively inspecting security levels on their proprietary Web applications."

Reynolds continued: "The weak point in more and more Web site attacks is not the underlying operating system, or the back-end application, but the security holes buried within dynamic Internet Web applications, on those Web sites themselves, such as CGI, ASP and PHP dynamic Web components.

"These application layer (layer 7) components perform the advanced functions that make modern Web pages feature-rich and useful to the end-user. They control such functions as shopping carts, navigation and logon handling."

To address the problem, Beyond Security has released its Web Application Vulnerability plug-in module, as an add-in feature to its popular vulnerability scanning engine.

"Scanning for known vulnerabilities in operating systems and applications is simply not enough," warns Reynolds.

Beyond Security is the first company to provide a scanning solution that accurately reveals vulnerabilities at both the network level and the Web application level.

Until now, these functions have been handled separately, and Web application testing or "Web crawling" has been a complicated, highly specialised and tedious process, often taking days or even weeks per Web site to complete.

The addition of "Web Application Security Scanning" entrenches Beyond Security's VA engine as the most comprehensive scanning tool in the world today - already scanning at the database, O/S, and network levels, it now accurately handles custom-built Web applications as well.

Speaking at CeBIT recently, Beyond Security CEO Aviram Jenik said: "The security world is consolidating, and as we see the various firewall products assimilating Web application protection technologies, in a similar way, so too, the network vulnerability assessment tools will start combining Web application scanning capabilities."

Identifying vulnerabilities at the network level and at the Web application level was, in the past, considered two separate categories in the security market, each satisfied by different companies. However, the new solution offered by Beyond Security has established it as a leader by being the very first company to provide technology that is able to satisfy both.

Beyond Security

Beyond Security is a leading provider of Security Assessment Technologies, specializing in the development of solutions for network security, and providing detection and prevention frameworks and mechanisms for networks. Solution offerings incorporate internal network, external network and product security audits.

Our main service, the Automated Scanning Engine, maps the organization's network and simulates attacks originating from both the internal and external network, testing for both network level and application level vulnerabilities. The Automated Scanning Engine produces a detailed report listing all the security breaches found, and provides several practical solutions, as well as a system-wide, easy-to-read report. This provides management with a better view of the organization's security, without getting into the technical details.

The Automated Scanning Engine updates daily for the most recent security breaches discovered by the SecuriTeam.com research and development team, keeping the system and customer updated in real time with the latest security issues.

Editorial contacts

Steven Chalom
Beyond Security
(011) 784 4801
steven@beyondsecurity.co.za