Vulnerability analyzers offer Web scanning as an option

Web scanning is different from vulnerability scanning because it looks for bugs in the Web apps themselves, rather than in the software installed on the Web server. For example, all of the vulnerability scanners told us about an old embedded system on our network vulnerable to a cross-site scripting attack because of an old version of PHP.

That's just normal vulnerability scanning, and depending on your Web applications and Web server settings, a scanner may turn out a lot of false positives. But actually finding an exploitable script on a website requires a more intense search, coming in from the outside, and a more specialized type of scanner.


Typically, Web scanning includes some type of data loss prevention feature (looking for identity information on Web pages), information disclosure scans (looking for entire directories that are available), cross-site scripting and SQL injection detection, and, of course, known vulnerability scanning in common Web applications.

FusionVM, McAfee MVM and QualysGuard VM all include Web scanning as an option (sometimes separately licensed) in their existing scanners, while eEye offers a separate product, Retina Web, focused on Web application scanning.

As we evaluated the different vulnerability analyzers, we kept looking for IPv6 support. Most of them don't even mention it, with SAINT being the lone exception. SAINT doesn't support IPv6 everywhere yet, but it's the closest product to being IPv6-ready in the set we tested.

Stories by Joel Snyder
