Web Tribe Ltd Sentinel
Web scanning has become part of the testing routine used for catching other bugs in the software development life cycle. And since Web security has become a part of industry requirements like the Payment Card Industry Data Security Standard (PCI DSS), scanning for vulnerabilities is no longer a luxury; it's now a compliance mandate.
PCI Compliance Made Easier
The Payment Card Industry mandates IT security compliance for all merchants that process credit cards. McAfee® PCI Compliance Service is an easy-to-use system designed for smaller merchants that need to be PCI certified. It includes state-of-the art scanning, complete remediation and technical support, an online self-assessment questionnaire, and a PCI Wizard to help manage compliance activities.
Reasons for website and network scanning.
First, we define the scope and purpose of the scan. Is it for compliance with government regulations or industry guidelines like PCI, or is it to identify the causes of specific problems? Is it in response to an incident or attack, or something a corporation wants to do routinely as part of its software development life cycle to harden sites before they're live?
If the scan is for compliance, it can focus on just regulatory requirements. Section 6.5 of PCI, for example, requires testing for the top ten vulnerabilities listed by the Open Web Application Security Project (OWASP).
Sample vulnerability that web tribe deals with
Examples of overall website vulnerabilities population include:
- Cross-site Scripting -70%
- Content spoofing 7%
- Sql injection 4%
- Predictable Resource location 5%
- Information Leakage 4%
- HTTP Response Splitting 5%
- Buffer overflow
- Format String Attack
- Lwap injection
- Os commanding
- SSI injection
- XPath injection