A Web application scanner crawls the entire website, analyzes in-depth each & every file, and displays the entire website structure. After this discovery stage, the scanner performs an automatic audit for common security vulnerabilities, security breaches & risks which are validated against a continually updated service database.
Once the vulnerability scan is completed, GamaSec delivers an executive summary report to management and a detailed report to the technical teams. Both reports list the vulnerabilities found, along with the severity levels of each vulnerability as well as appropriate recommendations.
Regular scans are beneficial, because as you make changes to your web server, you may be inadvertently creating new vulnerabilities, whether you know it or not.
The Benefits of GamaSec Automated VA (Vulnerability Assessment)
Regular use of automated, on-demand GamaSec VA will help you:
Accelerate repairs by ranking and prioritizing vulnerabilities, and linking you to validated remedies. Time is critical when defending against high-speed digital attacks. An audit service that discovers holes and ranks the severity of problems saves valuable research and repair time.
Provide dramatic operational cost savings for assessment and patch management. Compared to manual testing and/or third-party "pen-test" consultants, automated Vulnerability Assessment offers compelling savings in both time and money.
Reduce human error by double-checking actions of security staff with unbiased, reliable auditing. Human beings make mistakes. Automated Vulnerability Assessment helps prevent security errors by serving as an extra pair of eyes that never sleep. Running audits before and after installing new hardware or software can ensure proper configuration and prevent vulnerabilities that have been inadvertently introduced by security policy changes.
Simplify set-up and operations without adding special hardware or additional experts. Although traditional network security management can be complex, using an automated, Web-based security audit solution is simple. Any standard browser and standard TCP/IP communications allows you to run scans, view reports, and download patches.
Weekly online reports. Automatic audit scans are pre-scheduled and performed on a weekly basis. Detailed reports, security configuration advice, and hotlinks to patches and problem fixes appear in your report shortly after you complete a network audit. Instead of relying on a consultant's schedule, you can assess your network defenses whenever & wherever you are.
Features of the GamaSec Vulnerability Scanner
Tailor-made Application – GamaScan is not based on an existing vulnerability scanner. The GamaSec service is a pure in-house development with real-time market adaptation. We can tailor your service requirements and adapt to your strategic partnership’s needs.
Web Application Attacks Engine – GamaSec is the only company today that covers more than 20 web vulnerability application families with the capacity to create a tailor made attack. We can adapt to any web site configuration and produce dynamic tests which will create relevant reports of online scan findings.
Next Generation GamaSec – GamaSec is actively producing the next generation service & solutions. GamaSec will be the first company online to offer scanning through user login, on web-form authentication pages.
Automatic False Positive Prevention Engine – The number of configuration differences among Web Server platforms creates a difficult environment to assess Web Application risks without responses that are false positives. GamaSec effectively addresses this issue by creating dynamic false-positive filter rules automatically without any manual interference. The sophisticated GamaSec proprietary hashing system manages and inspect seven dynamically generated pages & includes them internally for automatic rules generation.
Component-oriented Web Crawler and Scanner Engine - Web Applications are becoming more complex everyday. Reverse proxies can obscure multiple platforms and technologies behind one simple URL. The GamaSec Scanner will crawl through the Web Applications using a component-oriented perspective. For every available component found, GamaSec explores its relationship within that application and constructs customized and effective security checks.
Most Complete Web-Attack Signatures Database - Using the most up-to-date attack signature database available, GamaSec can, with highest degrees of certainty, inspect your web server infrastructure against threats. The ever varying signatures & risk factors from myriad technologies; ranging from 3rd party software packages to well-known web server vendors and internal R&D vulnerabilities, can all be processed by your GamaSec security team.
Simplify Setup and Operations - There is no need to add any special hardware or in-house experts. Traditional network security management can be quite complex. By integrating an automated, web-based security audit solution you solve a major business headache with the most elegant lowest-cost solution. Any standard browser with standard TCP/IP communications permits you to run scans, view findings, and implement recommended solutions.
Support HTTP Web Authentication Schemes - GamaSec supports the widest variety of HTTP Authentication schemes, common HTTP protocol, BASIC, NTLM with abilities to analyze the broadest web technologies; PHP, ASP.NET, ASP, etc.
Enhanced Report Generation for Scanning Comparison - GamaSec includes an internal report creation engine. With enhanced features it provides the ability to create comparison and trend analysis of your web applications vulnerabilities based on scan results generated over selected time periods.
Contact an Alentus ServersFirst Sales Associate toll-free at 1-877-922-9903 or via email at sales@alentus.com
For Existing Customers:
Login to the Alentus Support Center http://support.alentus.com and submit a ticket to Ordering, selecting GamaSec Application Vulnerability Scan from the Choose an Application Menu.
Overview
Customer Comments
You Need - You’ve just finished off a great week. As you are about to go home for the weekend, the phone rings. It’s your IT Team, and they’ve discovered that someone has found a way into your web application through your website, and is wreaking havoc to all your work, and gaining access to all your corporate data. When you deployed your web application, it was completely secure: what happened?
