Tag Archive for: Pentests

Image IT Security

SRC actively supports long-term partnership with the Alliance for Cyber Security

Conducting a free Web Appli­cation Security Scan

SRC has been a partner of the Alliance for Cyber Security for many years. As an active support of this partnership, SRC offered a free Web Appli­cation Security Scan for a maximum of five members of the alliance in 2018.

Worth knowing about the Web Appli­cation Security Scans

Web appli­cation security scans aim to identify errors in the archi­tecture and config­u­ration of the examined Web appli­cation. Such vulner­a­bil­ities could be exploited, for example to change the content of the page (XSS, Cross Site Scripting). Contents of the database could also be downloaded or admin­is­trative rights acquired. If a system is compro­mised in this way, it could be used for further attacks towards its own internal infrastructure.

Unlike fully automated Web Appli­cation Security Scans, SRC also checks pages that are only displayed to the user after regis­tration or login. With fully automated scans without consid­er­ation of authen­ti­cation processes such vulner­a­bil­ities cannot be uncovered. However, this is exactly what the Web Appli­cation Security Scan allows and thus offers a more compre­hensive scan result.

The scans are performed “non-destructive” and “non-instrusive”. This means that vulner­a­bil­ities are identified. As with penetration tests, for example, this is not an attempt to exploit the vulner­a­bil­ities that have been discovered. Scanning is carried out in close consul­tation with the participant.

Great demand from members of the Alliance

The Web Appli­cation Security Scans offered by SRC were met with great demand among the members of the Alliance. For this reason, the five scans offered are already out of stock. A report about the execution of the scans is soon to be found in our blog. Further details can also be found on the Alliance for Cyber Security website.

Tag Archive for: Pentests