It’s time to check how secure your website is!

31 Jul 2019 Author: Vladimir Buldyzhov

We have significantly improved our free security assessment service. Scanning your website for vulnerabilities in normal mode is now much faster and deeper, and the reports are better, more useful and more convenient. Furthermore, the reports are now stored on our server longer. We are pleased to present the results of our work, which took several months.

More about what has changed:

  • Taking into account the wishes of our customers from Europe, to reduce cross-border traffic, we have migrated our server to Germany, to one of the most reliable hosting providers. This migration has significantly increased our computing resources, performance, and reliability.
  • Several scan engines have been replaced by other, better ones. In particular, we have deployed OWASP ZAP (also known as Zed Attack Proxy, zaproxy). This engine contains many flexible plug-ins and changeable settings. For many years, it has been the de facto standard for scanning website vulnerabilities with open-source tools.
  • The Executive Summary of the report has been improved. We added a vulnerability diagram and a summary table with hyperlinks to the details of each vulnerability.
  • The information about vulnerabilities is now better structured. All vulnerabilities are classified by severity. Based on how certain the information about a vulnerability is and how frequently the vulnerability is encountered on the tested website, our service evaluates the weighted risk of each vulnerability and sorts the list of vulnerabilities by risk.
  • The description of each vulnerability has been improved. It now gives a large number of details: information about each vulnerability instance, evidence, recommendations on how to eliminate the vulnerability and reduce risk, links to descriptions of the vulnerability in popular open vulnerability databases, and so on.
  • For each vulnerability, the user can record, directly in the report, the result of their manual verification of the vulnerability (whether it was confirmed or refuted) and write a comment. The text of the comment for each vulnerability of each website is preserved across all scan sessions of that site.
  • We have increased the time we keep your scanning reports on our server from 14 days to 3 months.

Want to provide this service to your users or customers? Since our scanning service has retained its scalable architecture, we are ready to provide our partners with a front-end scanner, including the API documentation. When your clients send a request to your server, it will be automatically redirected to us. We will then scan for vulnerabilities and send the results back to your server, which will forward them to your clients. Write to us to request such a service.

