nFuse will perform a security scan of the customer's website. This automated scan covers the complete website. User registration can be included if needed. The security scan is executed with an up-to-date security scanner that covers the OWASP Top 10 (2018) vulnerabilities. nFuse Security is an online security scanner that automatically tests your web application for 700+ vulnerabilities. The web scanner is delivered as SaaS (Software as a Service). We perform automatic penetration tests against web applications, based on the OWASP Top 10 specifications, seemingly magic fingerprinting of content management systems, and the very latest trends in vulnerability research.
Crawler:
Our crawler does not cap the number of URLs it visits, as most of our competitors do. We aim to find all unique code flows in which vulnerabilities may reside, without missing anything of relevance. We do that by finding similarities between different URLs, as well as repeating content, using a sophisticated system of clustering algorithms. In other words, we crawl until there is no more content of relevance instead of stopping at a fixed number of URLs. Do you know the size of your website? Most organizations don't, as there is a large share of automatic and hidden pages.
Our auditing modules may also find information leakages in your platform (e.g. unlinked files), which in turn may lead to further links to crawl. We do all this to cover as much of your application as possible. We do not believe in caps.
Vulnerability Detection
We cover the OWASP Top 10. That means we find a wide variety of flaws, including SQL, LDAP, XPath and NoSQL injections, cross-site scripting flaws, broken session management, remote code and command execution, malware, etc.
All our findings are classified according to the CVSSv2 specifications in order to make it easier for you as a developer to prioritize the threats.
Protected reports
The reports are stored on dedicated database servers out of reach of the web servers. The reports are protected from SQL injection by means of data segregation and prepared statements. If an attacker, against all odds, were to pull off a SQL injection attack, the only report data he would get would be his own.
The web servers cannot directly communicate with any report database. All layers of the service run in different networks to reduce the risk of compromise.
What is included?
- Add and verify ownership of the domain you want to test
- Start a scan
- Your website is tested for 700+ vulnerabilities
- New vulnerabilities are added to the scanner every week
- You will receive descriptive reports with your security issues
Want to learn more?
Just contact us