Web Application Scanning is a zero-touch, non-intrusive, cloud-based solution that helps safeguard web applications by continuously and comprehensively scanning them for vulnerabilities and malware. It comes in two variants:
- Web Application Scanning Advanced provides organisations with a comprehensive security posture snapshot of their web applications' risk exposure on a continuous basis, with the help of automated testing combined with security-expert-validated proof of concept (POC) support and elimination of false positives.
- Web Application Scanning Premium provides in-depth web application penetration testing for mission-critical enterprise websites that need broad and in-depth security coverage, addressed by continuous automated web application scanning combined with security-expert-validated business logic checks, proof of concept support and elimination of false positives.
WAS is a complete scanning tool. It offers vulnerability assessment, application audit and malware monitoring. It is a zero-touch, non-intrusive, cloud-based solution that provides daily monitoring for web applications, checking for system and application vulnerabilities and for malware. One of the key aspects of WAS is its ability to detect malware and defacements of websites.
No changes are required on the website. The monitoring is done remotely, and we can detect both known and unknown malware on the website. We have been researching and innovating for a couple of years in this area and are the best in class for such technology. We have dedicated our research, engineering and development teams to tracking the latest malware and threats and their behavior. This allows us to constantly refine and improve our technology and solutions to serve our customers better.
It is activated online over the web itself, and the customer receives a notification via email with details of the activation. There is no need to download the software onto your computer.
The Web Application Scanning tool is architected on globally accepted best practices such as OWASP, OSSTMM, SANS and NIST, using a combination of tools and manual techniques through certified analysts. It is hosted and delivered from a SAS 70 Type 2 certified secure data center.
The presence of an IndusGuard seal certifies that the particular website is scanned and certified on a daily basis to pass the Web Application Security Scan. The "live" IndusGuard 'Tested' Seal appears on the website with that day's corresponding date only when the website passes the daily Web Application Scanning. This helps website owners gain the trust of their customers, who feel safe when accessing such websites.
A 'PASS' scan status means that the web application is free of any vulnerabilities. A 'FAIL' scan status means that vulnerabilities are present, and some of them have a severity of 4, which is HIGH, or a severity that is CRITICAL.
If any kind of vulnerability or malware is found on the website, the secure site seal will remain on the website for the next 72 hours, but the date will not be updated until the risk or threat is over. If the website owner does not take any action, or if the errors are not fixed even after 72 hours, the secure site seal will disappear, though the scanning will still continue. Once the error is fixed and no vulnerabilities or malware are found on the website, the secure site seal will reappear on its own with the updated date and the mention of 'TESTED' again beside it.