ISA Web Technologies uses only its own software. Only ISAWT users can use ISAWT services and software.
    Multi-Threaded Modular Security Scanner

Security-Scan consists of several modules combined into one system, where each module performs strictly defined tasks. The scanner incorporates a knowledge base of the most effective query sequences, from popular to very exotic ones. Security-Scan automates the process of detecting and exploiting SQL injections, emulating an attacker's actions to enter the system, which lets you learn about potential security vulnerabilities before cybercriminals can use them. It supports the following databases: MySQL, MSSQL, MS Access, Oracle, DB2, PostgreSQL.
Module 1 – Collector.
Explores the structure of a web resource (website, application), and creates a catalog of all detected links and files.
Module 2 – Emulator.
Tests all available pages of a web resource with unique algorithmic query chains, emulating hacker attacks in a variety of possible combinations, including the following:
  • Character-by-character data extraction technique;
  • Shell uploads through SQL injection, or use of shell access to manage the database, and so on.
Module 3 – Analyzer.
The vulnerability report is processed by the Analyzer. The Analyzer generates a Scan Protocol, which contains the following information:
  • Structured data on the vulnerabilities found;
  • Assessment of their criticality;
  • Assessment of the time needed to eliminate them;
  • Recommendations for their elimination;
  • Analysis of trends in security issues.

The Scan Protocol can be saved in *.txt, *.doc, *.docx formats.
Vulnerabilities detected by Security-Scan:
  • SQL queries from a browser to obtain unauthorized access to data;
  • File inclusion;
  • Cross-frame scripting;
  • Arbitrary code execution;
  • Confidential directory traversal;
  • Public backup copies;
  • XSS;
  • Buffer overflow;
  • Brute-force attack;
  • User session interception, etc.
The Security-Scan security scanner is written in PHP and can run in multi-threaded mode, i.e. it can execute many queries and various tests simultaneously. This significantly reduces the time it spends on a web resource and distinguishes it from comparable tools. All actions and results of Security-Scan are logged permanently. The scanner can be used to diagnose a database. Continuous addition of new vulnerabilities and checks is supported. When the Emulator module finishes, all information about the detected vulnerabilities is recorded in the report.
ATTENTION!!
In the Security-Scan modules, mechanisms that automatically emulate cybercriminals' actions in detecting and exploiting SQL injections are widely used. Therefore, in order to avoid using the scanner for criminal purposes, ISAWT does not sell it.
    Code Change Interceptor

Interceptor is effective software for tracking changes in the code of a web resource, down to a single character.
The software periodically compares the source snapshot of the web resource's code, created during the first run of the software, with the current code (checks run automatically at an adjustable period from 15 minutes to 3 days, or at any time on the user's command). The source snapshot can be changed by the web resource administrator if an upgrade or update is necessary.
Interceptor Functions:
  • Source Snapshot Setup (in user interface or in personal account);
  • Check Period Configuration (in personal account);
  • Report Configuration (in personal account);
  • SMS or Email Notifications (in personal account);
  • Report saving in *.txt, *.doc, *.docx formats (in personal account);
  • Web Resource Blocking and Unblocking (in user interface or in personal account).
Interceptor can run in automatic mode (Check Period Configuration is supported) or be started manually. If the current resource code differs from the source snapshot, the resource manager is notified of an attack, with the attacked code section indicated. The administrator can block the web resource manually or automatically when the attack is detected. The web resource can be unblocked by entering an activation code, which is available in the personal account on the web site.
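
The snapshot comparison described above, sketched as an added example (this is not ISAWT's code, which the page does not show). The function names and the sample site are constructed for illustration; scheduling, notifications and blocking are left out.

```python
import difflib
import tempfile
from pathlib import Path

def take_snapshot(root):
    """Source snapshot: relative path -> exact bytes of every file under root."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): p.read_bytes()
            for p in sorted(root.rglob("*")) if p.is_file()}

def changed_sections(old, new):
    """(tag, first line in current file, lines affected) for each differing block."""
    a = old.decode("utf-8", "replace").splitlines(keepends=True)
    b = new.decode("utf-8", "replace").splitlines(keepends=True)
    ops = difflib.SequenceMatcher(a=a, b=b, autojunk=False).get_opcodes()
    return [(tag, j1 + 1, j2 - j1) for tag, _, _, j1, j2 in ops if tag != "equal"]

def compare(snapshot, current):
    """Findings as (path, kind, sections); a one-byte difference is enough."""
    findings = []
    for path in sorted(set(snapshot) | set(current)):
        if path not in current:
            findings.append((path, "removed", []))
        elif path not in snapshot:
            findings.append((path, "added", []))
        elif snapshot[path] != current[path]:
            findings.append((path, "modified",
                             changed_sections(snapshot[path], current[path])))
    return findings

def demo():
    """Constructed sample site: snapshot it, change it, compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "index.php").write_bytes(b"<?php\necho 'Hello';\n?>\n")
        (root / "config.php").write_bytes(b"<?php $debug = 0;\n")
        (root / "old.php").write_bytes(b"<?php // legacy\n")
        snapshot = take_snapshot(root)                 # first run
        (root / "index.php").write_bytes(b"<?php\necho 'Hello';\necho 'Changed';\n?>\n")
        (root / "config.php").write_bytes(b"<?php $debug = 1;\n")  # one character
        (root / "old.php").unlink()
        (root / "extra.php").write_bytes(b"<?php // not in snapshot\n")
        return compare(snapshot, take_snapshot(root))  # periodic check

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A comparison like this is only as trustworthy as the snapshot itself, so the snapshot belongs somewhere the web server account cannot write.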

info@isaweb.tech



ISA WEB TECHNOLOGIES © 2017