Main > Projects
|
ISA Web Technologies uses only our own software. Only ISAWT users can use the services and software by ISAWT.
|
Multi-Threaded Modular Security Scanner
Security-Scan consists of several modules united in one system, where each module performs strictly defined tasks. The scanner absorbed the knowledge base about the most effective query sequences from popular to very exotic ones. Security-Scan automates the process of detecting and exploiting SQL injections, emulating the attacker's actions to enter the system, which allows you to know about potential security vulnerabilities before they can be used by cybercriminals. Supports the following databases: MySQL, MSSQL, MSAcceess, Oracle, DB2, PostgreSQL.
|
|
|
|
Module 1 – Collector. Explores the structure of a web resource (website, application), and creates a catalog of all detected links and files. |
|
|
Module 2 – Emulator. Conducts tests with all available pages of a web resource by unique algorithmic query chains, emulating hacker attacks in a variety of possible combinations including as follows:
|
|
Module 3 – Analyzer. The vulnerability report is processed by the Analyzer. The Analyzer generates a Scan Protocol, which contains the following information:
The Scan Protocol can be saved in * txt, * doc, * docx formats. |
Vulnerabilities detected by Security-Scan:
|
The Security-Scan security scanner is coded in PHP with the ability to use in multi-threaded mode, i.e. it can simultaneously execute many queries and various tests. This significantly reduces the time of its operation with web resources, and is advantageously different from the analogues.
All actions and results of the Security -Scan are logged permanently.
The scanner can be used to diagnose a database.
Continuous addition of new vulnerabilities and checks is supported.
At the end of the Emulator Module, all information about the detected vulnerabilities is recorded in the report.
| ATTENTION!! |
In the Security-Scan modules, mechanisms that automatically emulate cybercriminals' actions in detecting and exploiting SQL injections are widely used. Therefore, in order to avoid using the scanner for criminal purposes, ISAWT does not sell it.
|
Code Change Interceptor
Interceptor is effective software for tracking changes in a code of a web resource up to one symbol.
The software periodically compares the source code of the web resource created during the first run of the software with the current code (the periodicity adjustment is automatically maintained from 15 minutes to 3 days or at any time by the user's command) The source snapshot can be changed by the web resource administrator if upgrade or update is necessary.
The software periodically compares the source code of the web resource created during the first run of the software with the current code (the periodicity adjustment is automatically maintained from 15 minutes to 3 days or at any time by the user's command) The source snapshot can be changed by the web resource administrator if upgrade or update is necessary.
|
Interceptor Functions:
|
|
|
Interceptor Functions:
|
Interceptor can be operated both in automatic mode (Check Period Configuration is supported) and manual start.
In case of discrepancies between the current resource code and the source snapshot, the resource manager is notified of an attack indicating the attacked code section.
The administrator can manually or automatically block the web resource when the attack is detected.
Unblocking the web resource is possible by entering an activation code, which is available in personal account on the web site.