Background IT-Security

SRC actively supports long-term partnership with the Alliance for Cyber Security

Conducting a free Web Appli­cation Security Scan

SRC has been a partner of the Alliance for Cyber Security for many years. As an active support of this partnership, SRC offered a free Web Appli­cation Security Scan for a maximum of five members of the alliance in 2018.

Worth knowing about the Web Appli­cation Security Scans

Web appli­cation security scans aim to identify errors in the archi­tecture and config­u­ration of the examined Web appli­cation. Such vulner­a­bil­ities could be exploited, for example to change the content of the page (XSS, Cross Site Scripting). Contents of the database could also be downloaded or admin­is­trative rights acquired. If a system is compro­mised in this way, it could be used for further attacks towards its own internal infrastructure.

Unlike fully automated Web Appli­cation Security Scans, SRC also checks pages that are only displayed to the user after regis­tration or login. With fully automated scans without consid­er­ation of authen­ti­cation processes such vulner­a­bil­ities cannot be uncovered. However, this is exactly what the Web Appli­cation Security Scan allows and thus offers a more compre­hensive scan result.

The scans are performed “non-destructive” and “non-instrusive”. This means that vulner­a­bil­ities are identified. As with penetration tests, for example, this is not an attempt to exploit the vulner­a­bil­ities that have been discovered. Scanning is carried out in close consul­tation with the participant.

Great demand from members of the Alliance

The Web Appli­cation Security Scans offered by SRC were met with great demand among the members of the Alliance. For this reason, the five scans offered are already out of stock. A report about the execution of the scans is soon to be found in our blog. Further details can also be found on the Alliance for Cyber Security website.