Upload File

web vulnerability scanning€¦ · which include pci-dss, owasp top 10, iso 27001, nist sp 800-53...

  • Home
  • Documents
  • Web Vulnerability Scanning€¦ · which include PCI-DSS, OWASP Top 10, ISO 27001, NIST SP 800-53 (FISMA), HIPAA, Sarbanes-Oxley, Mitre CWE/SANS Top 25, among others. Automatic Form
2
Key Advantages Is your website vulnerable? Reduce False Positives – Code is analyzed as it is executed for a higher vulnerability detection rate with the elimination of many false positives. Meet Legal and Regulatory Compliance – Reports are available which include PCI-DSS, OWASP Top 10, ISO 27001, NIST SP 800-53 (FISMA), HIPAA, Sarbanes-Oxley, Mitre CWE/SANS Top 25, among others. Automatic Form Filler – Recorded macros allow for testing a login sequence or form filling process. Cross-Site Scripting and SQL Injection Testing – SQL Injection allows an attacker to modify a SQL query to gain access to the data in the database. Cross-Site Scripting allows an attacker to run malicious scripts in the visitor’s browser. In-Depth Analysis – Web code is scanned and crawled to analyze the latest HTML5 and dynamic JavaScript web content. The comprehensive scan understands SOAP and XML, and tests for vulnerabilities in AJAX and JSON request data. (1) Symantec Internet Security Threat Report, 2015 Vulnerabilities in websites can lead to the theft of confidential company information such as personal data of customers or employees, credit card information, and company records, including emails. In 2014, up to 75 percent of websites were found to have vulnerabilities, with at least 20 percent of those vulnerabilities classified as critical. 1 Web exploit toolkits have made it easier for attackers to exploit unpatched vulnerabilities using a variety of exploits. Cautela Labs can help you find out if your website is vulnerable by using in-depth scanning tools to analyze your web-based applications to find the vulnerabilities that can expose your confidential business data online. You’ll learn which web applications need to be fixed, with recommendations about potential solutions. JavaScript analysis for testing AJAX and Web 2.0 applications Advanced, in-depth SQL Injection and Cross-Site Scripting testing Understands SOAP, XML, AJAX and JSON technologies Includes WordPress-specific security checks Support for CAPTCHA, Single Sign-On and 2-Factor Authentication Testing for File Upload Forms Finds vulnerabilities such as: CRLF injection Code execution Directory Traversal File Inclusion Features & Capabilities Cautela Labs Web Vulnerability Scanning [email protected] | 5080 N. 40th Street, Suite 300 | Phoenix, AZ 85018 | 800-997-8132 www.cautelalabs.com

Upload: others

Post on 06-Aug-2020

8 views

Category:

Documents


0 download

Report

TRANSCRIPT

Page 1: Web Vulnerability Scanning€¦ · which include PCI-DSS, OWASP Top 10, ISO 27001, NIST SP 800-53 (FISMA), HIPAA, Sarbanes-Oxley, Mitre CWE/SANS Top 25, among others. Automatic Form

Key Advantages

Is your website vulnerable?

Reduce False Positives – Code is analyzed as it is executed for a higher vulnerability detection rate with the elimination of many false positives.

Meet Legal and Regulatory Compliance – Reports are available which include PCI-DSS, OWASP Top 10, ISO 27001, NIST SP 800-53 (FISMA), HIPAA, Sarbanes-Oxley, Mitre CWE/SANS Top 25, among others.

Automatic Form Filler – Recorded macros allow for testing a login sequence or form filling process.

Cross-Site Scripting and SQL Injection Testing – SQL Injection allows an attacker to modify a SQL query to gain access to the data in the database. Cross-Site Scripting allows an attacker to run malicious scripts in the visitor’s browser.

In-Depth Analysis – Web code is scanned and crawled to analyze the latest HTML5 and dynamic JavaScript web content. The comprehensive scan understands SOAP and XML, and tests for vulnerabilities in AJAX and JSON request data.

(1) Symantec Internet Security Threat Report, 2015

Vulnerabilities in websites can lead to the theft of confidential company information such as personal data of customers or employees, credit card information, and company records, including emails. In 2014, up to 75 percent of websites were found to have vulnerabilities, with at least 20 percent of those vulnerabilities classified as critical.1 Web exploit toolkits have made it easier for attackers to exploit unpatched vulnerabilities using a variety of exploits.

Cautela Labs can help you find out if your website is vulnerable by using in-depth scanning tools to analyze your web-based applications to find the vulnerabilities that can expose your confidential business data online. You’ll learn which web applications need to be fixed, with recommendations about potential solutions.

JavaScript analysis for testing AJAX

and Web 2.0 applications

Advanced, in-depth SQL Injection

and Cross-Site Scripting testing

Understands SOAP, XML, AJAX

and JSON technologies

Includes WordPress-specific security checks

Support for CAPTCHA, Single Sign-On

and 2-Factor Authentication

Testing for File Upload Forms

Finds vulnerabilities such as:

CRLF injection

Code execution

Directory Traversal

File Inclusion

Features & Capabilities

Cautela Labs Web Vulnerability Scanning

[email protected] | 5080 N. 40th Street, Suite 300 | Phoenix, AZ 85018 | 800-997-8132

www.cautelalabs.com

Page 2: Web Vulnerability Scanning€¦ · which include PCI-DSS, OWASP Top 10, ISO 27001, NIST SP 800-53 (FISMA), HIPAA, Sarbanes-Oxley, Mitre CWE/SANS Top 25, among others. Automatic Form

Easy to Read Reports with Recommendations

[email protected] | 5080 N. 40th Street, Suite 300 | Phoenix, AZ 85018 | 800-997-8132

www.cautelalabs.com

Cautela Labs Web Vulnerability Scanning


Rar Cwe Office

CWE-74 - Injection

CWE Instruments

CWE Matting

2010 CWE/SANS Top 25 with OWASP Top 10 and PCI DSS V2 Mapping

Bank Cwe Prospectus

French cwe diy

DojoSec FISMA Presentation

Evolution of OIG FISMA Metrics - NIST Computer Security ... · Evolution of OIG FISMA Metrics Information Security ... Agenda • Inspector General (IG) FISMA metrics background •

CWE Sales Flyer

CWE - 2010 CWE/SANS Top 25 Most Dangerous Software Errors

CWE - 2009 CWE/SANS Top 25 Most Dangerous Programming Errors

SIP, CWE Presentation

FISMA report

FISMA, NIST Style

PolarSSL1.1.8verificationkit4.TechnicalOverview 4.1.ComponentDescription SecurityWeakness Definition CWE-127 BufferUnder-read CWE-369 DivideByZero CWE-415 DoubleFree CWE-416 UseA

Matrix cwe 15

Cwe advertisement rr_bs_phase_ii

CWE Gondola Catalogue

Cwe rrb advertisement

Cwe po mt_info_handout

Manual Bizerba CWE

FISMA and Metrics

CWE-365 Brochure.sml

Rapid7 FISMA Compliance Guide

INFO 610 FISMA Presentation

INTENT CWE Avcnoe

CWE Pallet Racking

The CWE/SANS Top 25: Towards Minimum Due … › › CWE_Top_25_Minimum_Due...CWE Vers 1.3 PLOVER (CWE draft 1) CWE draft 5 CWE draft 7 CWE Vers 1.0 Mar2009 762nodes 2005 300 nodes

terangsang cwe ke cwo cwo ke cwe *ena

CWE Shipping & Packaging

2009 CWE/SANS Top 25 Most Dangerous Programming Errors

CWE Version 1

Cwe advertisement rr_bs_phase_iii

Securing the code and waiting for skilled hackersBenchmark OWASP Top 10 OWASP Top 10 Mobile PCI DSS Mitre CWE SANS Top 25 FISMA HIPAA MISRA BSIMM NIST SP 800-53 DISA STIG 4.1 WASC