NSFOCUS Web Vulnerability Scanning System




Overview

Most Web application systems are tailor-made and delivered as source code by suppliers, performing specific functions by running dynamic resolutions in different application environments. This brings new challenges to the security management of web application systems. Relying solely on passive patching doesn't work, since application developers can hardly provide generic patches like Windows vulnerability patches. A more preemptive and proactive method is needed, using a dedicated web vulnerability solution for web security assessment. This solution should help security and development teams detect hidden vulnerabilities in the protected web applications or websites, and harden the systems before these vulnerabilities are exploited by hackers.

NSFOCUS Web Vulnerability Scanning System (NSFOCUS WVSS) is an industry-leading web vulnerability scanning solution for the above challenges, powered by NSFOCUS's years of expert research and hands-on experience in application security. This solution allows automatic security assessment of all resources on your website by a simple point and shoot. It simulates website visitors' behaviors, such as button clicks, cursor movement, and complex form filling, detects potential vulnerabilities in the web application systems via the built-in security models, and provides priority-based fixing suggestions as well as actionable analysis reports. Moreover, NSFOCUS WVSS can automatically interact with NSFOCUS Web Application Firewall (NSFOCUS WAF) to generate smart patches for automatic vulnerability fixing, effectively enhancing security management.
Customer Benefits

Accurate Analysis on Website Vulnerabilities

NSFOCUS WVSS provides professional web application security scanning and has established an industry-leading position in website scanning and vulnerability analysis. It can intelligently recognize Ajax, Flash, JavaScript and Web 2.0 applications, among others. It also supports OWASP and WASC vulnerability templates and is compatible with an internationally standard classification of vulnerabilities. It uses forensic scanning technology to provide detailed reports that help customers locate and fix dangerous vulnerabilities. NSFOCUS experts keep track of emergency web incidents to update the web vulnerability base immediately, so that the website business is safeguarded in time.

Fast Scan on Large-scale Websites

Backed by NSFOCUS's in-depth research in web application security, NSFOCUS WVSS adopts innovative technologies, including intelligent webpage crawling, dynamic resource adjustment, proxy cache, real-time task dispatching and URL-level load balancing. It also has original advanced scanning evasion technology, and can correlate log analysis of each silo website. The scanning speed can be set manually to a constant value, or it can adapt automatically to the context, such as bandwidth consumption. Powered by these industry-leading technologies, it can reach the highest scanning speed with zero impact on customer business, overcoming the challenges in scanning large-scale websites.

Closed-loop Website Security with WAF

Relying on its original vulnerability tracking technology, NSFOCUS WVSS conducts statistical analysis on the entire process of vulnerability discovery, monitoring, and fixing. It can also correlate with NSFOCUS WAF to defend against the detected security threats. In this process, NSFOCUS WVSS automatically uploads the scanning reports onto NSFOCUS WAF, where precise protection rules ("smart patches") are generated and applied to the protected website, forming a closed loop of detection and defense.

Flexible and Adaptable to Virtualized Environment

NSFOCUS WVSS can be easily deployed in a virtualized environment. With its independent virtualized management architecture, it can be supplied in a software/virtualized version as an on-demand technology to save extra maintenance expenses related to third-party hosting operating systems. It supports bare and hosted deployment modes. It can be installed on segmented cloud hosts as well as on office computers, enabling efficient utilization of virtualized asset pools.

Key Features

In-depth Checking and Comprehensive Scan

- An automatic analyzer for more web applications, covering multiple web technologies (PHP, ASP, .NET, HTML), site types (portal, e-government, forum, blog, online banking), web applications (IIS, Apache, Tomcat) and third-party components (Struts2, WebLogic, WordPress).
- A large number of accurate scanning plugins: in addition to NSFOCUS's own integrated plugins, the WVSS plugin base also includes extensive international vulnerabilities, for example OWASP Top 10 2010/2013 and WASC. Users can customize scanning plugin templates according to their own needs.
- Immediate response to web attacks: by continuously keeping track of top web security incidents, vulnerability plugins are updated at the first opportunity.
- A combination of static and dynamic proactive detection technology linked to registers, identifying known and unknown register types.

Visualized Verification of Vulnerability

- Supports the verification of common web vulnerabilities, including SQL injection, Cross-Site Scripting and many others. Batch verification is able to indicate where the vulnerability is in the code, in manual or automatic verification mode. WVSS also allows false verifications to be corrected.
- Detailed repair proposals help fix the code error and open up blocked links, so that vulnerabilities are discovered and repaired immediately.
- Provides an offline report with a visualized verification scene, which shows the vulnerability criterion at the logic level and provides the constructed request that is able to discover the vulnerability, besides a detailed list of interactive data at the code level.

Distributed Cluster Scan

- Breaks with traditional scanning methods to achieve more granular and in-depth URL scanning with page-level load balancing, perfectly protecting large-scale scanning via reliable and time-saving scanning technology.

- Conveniently and flexibly expands lower-level nodes, with dynamic balancing between assigned single or multiple tasks.
- Distributed cluster scan adapts to a variety of scanning scenes. It can achieve real-time automatic speed governing even with a maximum number of 32 lower-level nodes.
- Dual role of management and scanning, with a focus on managing lower-level nodes to scan and output summary reports.

Global Risk Analysis and User-friendly Display

- Dashboard: on the first page, summary data shows the security risk posture of the target site and serves as a quick entry to the detailed results, such as the last 10-day overall risk level, last 30-day top 10 dangerous websites, up-to-date vulnerability info, single-website risk trend graph, network interface traffic, task progress, etc.
- Original vulnerability tracking technology: tracking is carried out along the vulnerability discovery timeline. It shows the entire process of monitoring and repairing, which can be used to easily locate risk distribution.

- Multi-angle reports: multidimensional and professional reports provide not only single-site trend reports but also multi-site comparative risk reports, automatic collection of same-type vulnerabilities across multiple tasks, etc. All vulnerabilities are displayed based on the site resource tree. WVSS can generate reports while it is scanning sites.

Specifications

Detection and Testing:
- Trojan detection
- Full coverage of Web 2.0 applications, including AJAX, Flash and JavaScript
- PHP, ASP, .NET, Java and other programming languages
- Web servers, such as IIS, Apache, and Nginx
- Proxy scanning
- HTTPS scanning
- Flash attack detection
- Authentication methods, such as Basic, NTLM, cookies, and SSL

Reports:
- OWASP, WASC and other reports

Correlation with WAF:
- Correlation with NSFOCUS WAF

Deployment:
- IPv4, IPv6
- Distributed deployment

Others:
- Data interface capability

NSFOCUS TEL: +86 10 68438880 EMAIL: info@nsfocus.com
NSFOCUS US TEL: +1 408 907 6638 EMAIL: info-us@nsfocus.com
NSFOCUS Japan TEL: +81 3 6206 8156 EMAIL: info-jp@nsfocus.com

NSFOCUS is the trademark of NSFOCUS Information Technology Co., Ltd. NSFOCUS enjoys all copyrights with respect to all textual narrations, document formats, illustrations, photographs, methods, processes and other contents, unless otherwise specified, which shall be governed by relevant property rights and copyright laws. Without written permission of NSFOCUS, any individual or institution shall be prohibited to copy or quote any section herein in any way.

About NSFOCUS

NSFOCUS is a proven global leader in active perimeter network security for service providers, data centers, and corporations. It focuses on providing network security solutions including: carrier-grade Anti-DDoS System, Web Application Firewall, and Network Intrusion Prevention System - all designed to help customers secure their networks and corporate-critical information. More detailed information is available at http://www.nsfocus.com.