Website Vulnerability Assessment & Testing

Is your website secure?

We scan for Cross Site Scripting (XSS), SQL Injection, and many more!

A server's resources are not infinite. They need to be carefully managed to ensure the highest performance and operational efficiency, and your webserver is no exception to this rule. Vulnerability testing is the way to go to help protect your site.

After years of helping customers defend against DDoS attacks, we've had the opportunity to examine and analyze hundreds of websites, and discovered an alarming number of vulnerabilities and a great deal of inefficient coding. We've seen insecure web applications that were exposed by hackers, bringing sites down with just one web transaction. We've also seen webservers that could not deliver while under legitimate load due to something as simple as improper CSS and cache settings. And with the constant changes introduced by developers, managed hosting providers and website administrators, security holes and suboptimal web coding are almost guaranteed to appear over time and can then be exploited by Internet criminals and pranksters. Given that hackers are using TCP ports 80 and 443 (SSL) to exploit website design flaws and vulnerabilities, hardware and cloud based application firewalls are not an effective defense against these tactics.

These vulnerabilities and poor coding can be used to cause extended outages, deface your website, redirect customers, steal data, or install malicious code on your visitors' computers!

That's why, as part of our fully managed DDoS Protection solution, DOSarrest is now offering an additional Internet security service, the Website Vulnerability Testing & Optimization (VTO) report. The report will intelligently crawl your whole site, identify insecure elements and applications, and report inefficient settings in your website code. With this collection of tools, we now have one of the most comprehensive tests available today that will pinpoint practically any vulnerability and design flaw your website may have, and be able to:

  • Assist in securing web applications against vulnerabilities, by analyzing your site with the most advanced SQL Injection and Cross Site Scripting testing
  • Check for industry information security compliance, such as PCI DSS, HIPAA, SOX, and many more
  • Provide specific details on how to optimize caching (for a CDN or otherwise) and minimize request overhead and payload size

9 out of 10 websites will fail this report!

With this report, not only are you able to secure your site from the hackers of the world and avoid costly data theft or downtime, but you'll also be able to regain valuable compute power. This removes the need for costly hosting and/or infrastructure upgrades for your webserver (e.g., a common reaction is to put hardware or cloud based firewalls in place to reduce server load, an expensive solution that is mostly ineffectual against application layer attacks). This saves you time AND money!

How it Works

– The test consists of a series of scans and, depending on the size of a website, can take up to 6 hours to complete. This test will not interfere with a website's normal operation in most cases, and therefore can be run at almost any time.

What it Provides

– A report is created, comprising 4 sections:

  • An executive summary, which is a recap of the report indicating the number of vulnerabilities in 4 categories depending on the seriousness of the vulnerability
  • A detailed description of where the security lapse is located on the website
  • A detailed explanation of what the particular issue is and how to remedy the situation
  • A summary showing all breaches of what we have determined to be web performance best practices

What the Report Tests for

Vulnerabilities

Cross Site Scripting, also referred to as XSS, is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user's context, allowing the attacker to access any cookies or session tokens retained by the browser.

Optimizations

  • Excessive external CSS
  • CSS sprites
  • Excessive external JS
  • Defer loading / parsing of JS
  • Compressing resources
  • Browser caching
  • Proxy caching
  • Minimize redirects
  • Optimize images
  • Remove unused CSS
  • Consistent URLs

Backed by Expert Security Operation Center

– You can have one of our security engineers walk you through the report and help your technical team plug any holes found, then rerun the test to ensure everything on the website is as secure as it can be. Regularly scheduled tests are the key to keeping your website secure.

With this report and our 24/7 expertise, you can ensure that even the most customized web server is locked down tight.

  • Testing starts at $2,000.00 USD per test
  • Re-testing at $200.00 USD/scan
  • DOSarrest customers receive a 50% discount on the above quoted prices
