Conducting a free Web Application Security Scan
SRC has been a partner of the Alliance for Cyber Security for many years. As active support for this partnership, SRC offered a free Web Application Security Scan to a maximum of five members of the Alliance in 2018.
Worth knowing about the Web Application Security Scans
Web application security scans aim to identify errors in the architecture and configuration of the examined web application. Such vulnerabilities could be exploited, for example, to change the content of a page (cross-site scripting, XSS). An attacker could also download the contents of the database or acquire administrative rights. A system compromised in this way could then be used for further attacks against the operator's own internal infrastructure.
Unlike fully automated Web Application Security Scans, SRC also checks pages that are only displayed to the user after registration or login. Fully automated scans that do not take authentication processes into account cannot uncover vulnerabilities in those pages. The Web Application Security Scan can, and therefore delivers a more comprehensive scan result.
The scans are performed in a “non-destructive” and “non-intrusive” manner. This means that vulnerabilities are identified but, unlike in a penetration test, for example, no attempt is made to exploit the vulnerabilities that have been discovered. Scanning is carried out in close consultation with the participant.
Great demand from members of the Alliance
The Web Application Security Scans offered by SRC met with great demand among the members of the Alliance. As a result, all five of the scans offered have already been taken. A report on how the scans were carried out will soon be published on our blog. Further details can also be found on the Alliance for Cyber Security website.