Are you sure of the reliability of your protection? What saves your website and applications from hacking? How long have you been diagnosing your web resources? ISAWT offers original information security solutions. Simulating the actions of an external attacker to identify weaknesses and eliminate critical vulnerabilities is a keystone of the ISAWT security concept. Think like a criminal and be one step ahead.
ISAWT is an emulation of hacker attacks on web resources under your control and an expert analysis of web resources using unique software.
SQL Injection Scan
SQL injection is one of the most common ways of hacking websites, software and applications that run on databases; it is based on the insertion of arbitrary SQL code into a query.
SQL injection gives access to various types of databases (MySQL, MSSQL, MSAccess, Oracle, DB2, PostgreSQL) and the opportunity to read the contents of any tables, to delete, edit or add data, to read and/or create local files, and to execute arbitrary commands on the attacked server.
ISAWT secures your web resource from potential hacking by identifying, analyzing and eliminating critical SQL vulnerabilities.
'Face to Face' Pack | RUB | $ | € | Request |
1 site / 1 scan | 5 699р | $84 | €74 | Send request |
1 site / 4 scans | 21 420р (5355р/scan) | $316 ($79/scan) | €280 (€70/scan) | Send request |
1 site / 12 scans | 63 588р (5299р/scan) | $940 ($78.3/scan) | €833 (€69.4/scan) | Send request |
'Triplet' Pack | RUB | $ | € | Request |
3 sites / 1 scan | 16 065р (5355р/scan) | $237 ($79/scan) | €210 (€70/scan) | Send request |
3 sites / 4 scans | 62 388р (5199р/scan) | $922 ($76.8/scan) | €817 (€68.1/scan) | Send request |
3 sites / 12 scans | 176 220р (4895р/scan) | $2 606 ($72.4/scan) | €2 309 (€64.1/scan) | Send request |
'Family' Pack | RUB | $ | € | Request |
5 sites / 1 scan | 26 495р (5299р/scan) | $391 ($78.2/scan) | €347 (€69.4/scan) | Send request |
5 sites / 4 scans | 99 980р (4999р/scan) | $1 478 ($73.9/scan) | €1 310 (€65.5/scan) | Send request |
5 sites / 12 scans | 269 700р (4495р/scan) | $3 989 ($66.5/scan) | €3 534 (€58.9/scan) | Send request |
Security Strategy Development (Details)
What is «Security Strategy Development»?
The basis of the «Security Strategy Development» service is a combination of automated and manual static analysis of source code.
Why is «Security Strategy Development» necessary?
In the process of static analysis of the source code, marks (anchors) are set inside the project session at the places where vulnerabilities were found. The vulnerabilities are sorted by type, a map of their dependence on each other is compiled, their level of criticality is calculated, and the possible consequences of the vulnerabilities found are determined. The result of «Security Strategy Development» is: structured data on the vulnerabilities found, recommendations for their elimination, a general summary of the structure of the source code within the project, as well as suggestions for its modification and optimization.
Static code analysis is software analysis performed without executing the code (as opposed to dynamic analysis). Depending on the tool used, the depth of analysis can vary from determining the behavior of individual statements to analyzing the entire available source code. (A FULL analysis of the source code is required to identify all possible security flaws of a web resource.) The ways of using the information obtained during the analysis also differ, from identifying places that possibly contain errors to formal methods that allow mathematically proving properties of vulnerabilities and their dependencies.
What is the plan of «Security Strategy Development»?
«Security Strategy Development» starts with "pre-project planning", which includes:
• collecting all source code files, configuration files and log files of the web resource;
• creating a directory of files / objects for manual static code analysis with automation elements;
• variable calculation of the cost of providing the service;
• determining the timing of the static code analysis.
"Pre-project planning" takes from 2 to 7 days (depending on the scale of the project) and is carried out on a prepayment basis.
To carry out "pre-project planning", the customer provides:
1. Access to the file system of the web resource (web manager, FTP). It is possible to provide an archive with the files of the web resource instead, but in this case some restrictions will apply, which may affect the speed of solving certain tasks during the audit. Therefore, access to the file system through the manager is preferable.
2. Access to the database structure (phpMyAdmin is preferred).
3. Access to the settings of the web server serving the web resource (cPanel, ISPmanager or another web-based hosting admin panel).
4. Online communication (text) in any convenient way, so that notifications can be sent during the security audit and emerging issues can be resolved.
After the project plan is agreed, the project is implemented in 3 stages:
Stage | Static code analysis | Analysis of vulnerabilities | Strategy of defence |
Time* | From 2 weeks | From 3 weeks | From 2 weeks |
Target | Analysis of the source code to identify potential and critical vulnerabilities. | Description, determination of the kind and analysis of the criticality of the vulnerabilities from Report №1, generated at the «Static Code Analysis» stage. | Creation of a list of recommendations for eliminating the identified vulnerabilities, as well as suggestions for possible modification of the project's source code that allow a breach in the security of the web resource to be eliminated. |
Performance | 1. Analysis of the index file, the source code of which contains the initial logic of the web resource. 2. Extraction of the source code of all files included in the project of the web resource. 3. Check of user input data ($_GET, $_POST, $_COOKIE, $_REQUEST, $GLOBALS). 4. Analysis of the logical structures of the source code. 5. Manual search for vulnerabilities in all priority source code files. 6. Analysis of the source code of all included modules, to which the actions from points 3-6 are applied. | 1. Detailed analysis of the detected vulnerabilities. 2. Determination of the type of the vulnerabilities (potential / critical), their level of criticality (5 levels from low to critical) and the possible consequences the found vulnerabilities can lead to. 3. Creation of a map of the dependencies of the vulnerabilities on each other. | 1. General summary of the structure of the source code. 2. Development of methods to eliminate the identified vulnerabilities. 3. Recommendations for neutralizing the found vulnerabilities, as well as methods for fully restructuring the vulnerable areas of the source code and creating other safe alternatives (if such methods exist). |
Result | Report №1, containing a list of potentially vulnerable structures inside files / objects with a definition of their types, as well as their dependent connections, without detailed research and description of the potential and critical vulnerabilities. | Report №2, containing: 1. structured data on the vulnerabilities found; 2. an assessment of their level of criticality; 3. a map of the vulnerabilities and their dependencies on each other; 4. a list of files that have dependencies on the vulnerabilities found. | Protocol of the developed security strategy (Report №3), which contains: 1. a summary of the source code structure of the project; 2. recommendations for eliminating the identified vulnerabilities; 3. proposals for modification and optimization of the source code security. |
* The actual duration of each stage is set depending on the scale of the web resource to be analyzed.
** The stages "Static Code Analysis" and "Analysis of Vulnerabilities" are carried out in parallel.
Reports on these stages will be provided together, within the time frame established by the contract.
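An added illustration (not ISAWT's tooling) of steps 1-3 of the static code analysis stage: start at the index file, follow literal include/require statements, and set a mark on every line that reads user input or interpolates uncast input into an SQL string. The sample project, the regular expressions and the function names are assumptions made for this example.

```python
import re
from collections import deque

# Constructed sample project (path -> PHP source); not taken from any real site.
SAMPLE = {
    "index.php": "<?php\nrequire_once 'lib/db.php';\ninclude 'pages/item.php';\ninclude $theme;\n",
    "lib/db.php": "<?php\nfunction q($sql) { return mysqli_query($GLOBALS['db'], $sql); }\n",
    "pages/item.php": "<?php\n$id = $_GET['id'];\n$page = (int) $_POST['page'];\n"
                      "q(\"SELECT * FROM items WHERE id = $id LIMIT $page\");\n",
    "orphan.php": "<?php echo $_COOKIE['x'];\n",  # never included; still needs manual review
}

INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?\s*(?:(['\"])(.+?)\1|(\$\w+))")
SOURCE = re.compile(r"\$(?:_GET|_POST|_COOKIE|_REQUEST|GLOBALS)\b")
ASSIGN = re.compile(r"^\s*(\$\w+)\s*=\s*(.+);")
CAST = re.compile(r"\(int\)|\bintval\s*\(")
SQL = re.compile(r"\b(?:SELECT|INSERT|UPDATE|DELETE)\b", re.I)


def reachable(project, entry="index.php"):
    """Follow literal include/require from the entry file (breadth-first)."""
    seen, unresolved, queue = [entry], [], deque([entry])
    while queue:
        path = queue.popleft()
        for m in INCLUDE.finditer(project[path]):
            target = m.group(2)
            if target is None:                      # include $var: cannot be resolved statically
                unresolved.append((path, m.group(3)))
            elif target in project and target not in seen:
                seen.append(target)
                queue.append(target)
    return seen, unresolved


def marks(project, entry="index.php"):
    """Anchor every line that reads user input or builds SQL from uncast input."""
    files, _ = reachable(project, entry)
    out = []
    for path in files:
        tainted = set()                             # variables assigned from input without a cast
        for no, line in enumerate(project[path].splitlines(), 1):
            a = ASSIGN.match(line)
            if SOURCE.search(line):
                out.append((path, no, "input"))
                if a and not CAST.search(a.group(2)):
                    tainted.add(a.group(1))
            if SQL.search(line) and any(re.search(re.escape(v) + r"\b", line) for v in tainted):
                out.append((path, no, "tainted-sql"))
    return out
```

Dynamic includes and files never reached from the index are returned or skipped rather than analyzed, which is where the manual part of the analysis takes over.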
Based on the Scan Protocol, which is compiled by Analyzers in an automatic mode, our specialists build an individual security strategy in accordance with the tasks of the web resource. At all stages of developing the security strategy, close interaction with the representative of the web resource owner is necessary.
The web resource owner can independently develop the security strategy based on the Scan Protocol. In this case, ISAWT is not responsible for the reliability and effectiveness of the selected methods of vulnerability elimination. The ultimate target of the strategy is to eliminate all identified vulnerabilities.
Security Strategy Development | RUB | $ | € | Request |
1 site | from 120 000р | from $1770 | from €1570 | Send request |
3 sites | from 330 000р (from 110000р/site) | from $4880 (from $1630/site) | from €4320 (from €1440/site) | Send request |
5 sites | from 500 000р (from 100000р/site) | from $7400 (from $1480/site) | from €6550 (from €1310/site) | Send request |
Security Strategy Integration
In accordance with the developed security strategy, and in close cooperation with the representative of the web resource owner, our specialists eliminate all identified vulnerabilities, thereby securing your information from potential hacking.
However, the web resource owner can independently eliminate the vulnerabilities identified by scanning. In this case, ISAWT is not responsible for the reliability and effectiveness of the selected methods of vulnerability elimination.
Security Strategy Integration | RUB | $ | € | Request |
1 site | from 200 000р | from $2960 | from €2620 | Send request |
3 sites | from 540 000р (from 180000р/site) | from $7990 (from $2660/site) | from €7080 (from €2360/site) | Send request |
5 sites | from 800 000р (from 160000р/site) | from $11830 (from $2370/site) | from €10480 (from €2100/site) | Send request |
Code Injection Interceptor
Interceptor is a small but effective piece of software for tracking changes in the code of a web resource down to a single character.
Interceptor monitors attempts to inject foreign code and, in case of an attack, blocks the resource. The Interceptor notification system immediately informs the owner about the intrusion attempt and sends an activation code for unlocking the web resource. The web resource can be blocked automatically or by the owner's command. The functions are controlled in the personal account on the website.
Code Injection Interceptor | RUB | $ | € | Request |
1 license | 2 000р | $29 | €26 | Send request |
3 licenses | 5 600р (1867р/license) | $82 ($27.3/license) | €73 (€24.3/license) | Send request |
5 licenses | 8 500р (1700р/license) | $125 ($25/license) | €111 (€22.2/license) | Send request |