OUR SERVICES AND PRICING FOR VULNERABILITY SCANNING
Website Security Audit
Basic
(up to 50 pages)
- Manual Crawl
- Automated Crawl
- Passive Scan
- Active Scan
- Hidden Content Discovery
- PDF Reports
- Risk Solution Recommendations
- Email support
Standard
(up to 100 pages)
- Manual Crawl
- Automated Crawl
- Passive Scan
- Active Scan
- Hidden Content Discovery
- PDF Reports
- Risk Solution Recommendations
- Email support
Pro
(up to 500 pages)
- Manual Crawl
- Automated Crawl
- Passive Scan
- Active Scan
- Hidden Content Discovery
- PDF Reports
- Risk Solution Recommendations
- Email support
Custom offer
Contact us!
- Manual Crawl
- Automated Crawl
- Passive Scan
- Active Scan
- Hidden Content Discovery
- PDF Reports
- Risk Solution Recommendations
- Email support
Backup the website and install locally
We first make a full backup of your website and install it locally on one of our servers. This lets us scan the entire site without any danger to the client: scanning live systems can crash a website and take it offline.
Content Discovery
As you might guess, before identifying vulnerabilities in your website it is necessary to fully discover it. For this purpose we use 2 different techniques: crawling (spidering) and hidden content discovery.
Crawling
Crawling consists of 2 steps: first, we manually crawl your website to collect its content; after that, we run automated crawling, in which our tools follow the links your website contains.
Hidden Content Discovery
Hidden content discovery is the process of identifying content that is not linked from the visible content you can browse. For this purpose, we use general techniques such as name guessing and extrapolation from naming conventions detected in use within the web application. To sum up, we discover content by first crawling manually, then automatically, and finally applying techniques to discover hidden content.
Auditing for Vulnerabilities
After collecting all the links your website has, we start the second stage: auditing. To explore functions that store and return user input more efficiently, we carry out scans in 3 different stages: active, passive and JS (JavaScript) analysis.
Passive
In the passive stage, we detect vulnerabilities that can be exposed just by analyzing requests and responses. Serialized objects in HTTP messages are an example of such vulnerabilities.
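As an added illustration of a passive check for serialized objects in HTTP messages (this is not our scanning software; the function names and sample messages are constructed for the example), the following Python inspects an already-captured message for the stream headers of Java and .NET BinaryFormatter objects and for PHP serialize() output, in plain or base64-encoded form, without sending any request:

```python
import base64
import re
from urllib.parse import unquote, unquote_to_bytes

# Well-known stream headers of binary serialization formats.
MAGIC = {
    "java": b"\xac\xed\x00\x05",                        # ObjectOutputStream
    "dotnet": b"\x00\x01\x00\x00\x00\xff\xff\xff\xff",  # BinaryFormatter
}
# PHP serialize() output for an object or array, e.g. O:8:"stdClass":0:{
PHP_RE = re.compile(rb'\b[Oa]:\d+:(?:"[\w\\]+":\d+:)?\{')
# Long runs of base64 / URL-encoded characters: cookie and parameter values.
TOKEN_RE = re.compile(rb"[A-Za-z0-9+/_%\-]{16,}")

def b64_payload(token: bytes):
    """Return token decoded as (URL-safe) base64, or None if it is not base64."""
    text = unquote(token.decode("ascii")).rstrip("=")
    text = text.replace("-", "+").replace("_", "/")
    try:
        return base64.b64decode(text + "=" * (-len(text) % 4), validate=True)
    except ValueError:
        return None

def find_serialized(message: bytes):
    """Passively inspect one raw HTTP message; return (format, encoding) pairs."""
    findings = []
    plain = unquote_to_bytes(message)
    findings += [(name, "raw") for name, magic in MAGIC.items() if magic in plain]
    if PHP_RE.search(plain):
        findings.append(("php", "raw"))
    for match in TOKEN_RE.finditer(message):
        raw = b64_payload(match.group(0))
        if raw is None:
            continue
        findings += [(n, "base64") for n, m in MAGIC.items() if raw.startswith(m)]
        if PHP_RE.search(raw):
            findings.append(("php", "base64"))
    return findings

# Constructed sample messages (not captured traffic).
JAVA_COOKIE = base64.b64encode(MAGIC["java"] + b"sr\x00\x0edemo.UserPrefs")
SAMPLES = {
    "java": b"GET /prefs HTTP/1.1\r\nHost: shop.example\r\nCookie: prefs="
            + JAVA_COOKIE + b"\r\n\r\n",
    "php": b"POST /cart HTTP/1.1\r\nHost: shop.example\r\n\r\n"
           b"data=O%3A8%3A%22stdClass%22%3A0%3A%7B%7D",
    "clean": b"GET /index.html?id=42 HTTP/1.1\r\nHost: shop.example\r\n\r\n",
}
```

A finding here only means that the application accepts or emits serialized data; whether that data is deserialized unsafely has to be confirmed in code review.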
Active
In the active stage, the issues we detect can be grouped into light, medium and intrusive active vulnerabilities. Light active issues are vulnerabilities that can be identified by making a very small number of benign requests. Cross-origin resource sharing is an example of such issues. Medium active issues are detected by making requests that might be considered malicious (for example, OS command injection). Finally, intrusive active issues are detected by making requests that carry a higher risk of damaging the application data (for example, SQL injection).
JavaScript analysis
The last stage of scanning is JS analysis. In this phase, the vulnerabilities we detect are identified by analyzing the JS that the web application executes on the client side. DOM-based cross-site scripting is one example of this type of vulnerability. To identify a wide range of DOM-based vulnerabilities, we use 2 types of analysis: static and dynamic. In static analysis, the JavaScript code is parsed to build an abstract syntax tree in order to identify the sources that can be controlled by an attacker. We then analyze the code and trace its flows to identify the ways in which malicious input can reach dangerous places. In dynamic analysis, payloads are injected into the DOM at places that an attacker can control, and the JS within the response is executed. In addition, to achieve maximum code coverage, mouse events such as onclick are created to interact with the page.
How long does a scan take to complete?
Depending on the size of your website, it can take from 2-3 hours to 24 hours or even more. Let us know in advance if a scan needs to be completed in a short period of time.
What payment options are there?
Payment options are Visa & Mastercard, PayPal, and all the major cryptocurrencies like bitcoin, bitcoin cash, ripple, money. If your payment option is not listed here, please just send us an email and we will be happy to help you.
Will you fix security issues?
No, we will not fix your security issues. We can make you an offer on fixing some vulnerabilities, but that will depend on the severity of the issue. However, with a detailed report, you can inform your web developers about the security issues so they can fix them.
Which vulnerabilities can you find?
Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities (XXE), Broken Access Control, Security Misconfiguration, Cross-Site Scripting (XSS), Insecure Deserialization, Using Components with Known Vulnerabilities, Insufficient Logging & Monitoring and many more...
Will this stop hackers from exploiting vulnerabilities?
No, it will not. The scan tells you which vulnerabilities your site has; it is up to you what to do with them. We can make you an offer on fixing them, but that depends on the severity of the issue. You can also send the report to your web developers to inform them about the issues your site has, so they can fix them.
Why not use free software or scan it myself?
The software we use is professional and expensive to buy, and it requires professionals to do the scanning properly. Scanning safely takes a lot of time to master. We are experts who can do this job for you.
What happens if my site has an issue?
If your site has an issue you can either let us make an offer to fix it or contact your web developer to do this.
Are there any risks which will harm my website?
No, the scanning process is safe. In some cases, depending on the website host's location, you might see lower site speeds. If this is a problem for you, we can always do the scan at night.
Do you offer refunds?
No. There will be no refunds after the scan is over.