Maze & Associates PCI Web Application Scanning (PCI-WAS) Service
Web applications are typically structured in three layers: the first is a web server, the second is a content generation technology such as Java servlets or ASP (Active Server Pages), and the third is one or more compatible databases.
Web Application Scanning looks for a variety of vulnerability types within customized code, which can include shopping carts, forms, login pages, and other types of dynamic content, all of which are examples of web applications.
The Web Application Scan solution provides comprehensive capabilities to assess and track web application vulnerabilities across distinctly different web sites. The module includes the following features:
- Profiles the target application to determine custom error behaviors and login forms.
- Uses a crawling algorithm that balances breadth and depth of links in order to obtain wide coverage of the target application.
- Works with multiple character sets and internationalized text within HTML content.
- Automatically authenticates to HTML forms and monitors its session state.
- Combines pattern and behavior analysis to improve accuracy and reduce false positives.
- Accurately identifies SQL Injection and Cross-Site Scripting (XSS) vulnerabilities.
- Provides a workflow for expert review and approval.