Secure Application Hosted Scanning Service

The Secure Application Hosted Scanning Service offers the ability to run vulnerability scans along with a variety of port scans against large, disparate networks. Scans can be run from machines located inside your data centres, or from the cloud. The scanning service is managed by a web interface and can be accessed using a JSON-based API.

Ideally suited to hosting companies and large organisations, this service makes managing large networks easier, providing the tools and scalability needed to monitor varied, disparate networks for security problems through port scanning and vulnerability detection.

When firewalls are managed by different teams, or even by customers, and with web-visible applications being frequently probed by attackers, pro-active detection and resolution of security problems is essential. Widespread, high-severity vulnerabilities like Heartbleed demonstrate the need for timely security scanning: a large number of affected sites failed to react quickly, and many even reacted incorrectly.

Audited By Secure Application

The Audited by Secure Application service is an automated vulnerability scanning service designed to pro-actively defend web-accessible network infrastructure by finding vulnerabilities. Tests can be run on demand, requested using the web interface or the API, or they can be scheduled to run weekly, monthly, or quarterly.

With a wide scope, the Audited by Secure Application service can identify well-known vulnerabilities in network server software, web-based vulnerabilities in bespoke applications - such as cross-site scripting and SQL injection - as well as vulnerabilities caused by misconfiguration.

The results of the Audited by Secure Application scan are presented in an easily-accessible HTML report, with details of the vulnerabilities found, advisories, and links to remediation steps. These reports can be made available to your customers.

Port Scanning

Port scans, usually the first step in a vulnerability scan, can be run separately to determine the available TCP and UDP services on a scanned network. Useful for providing high-level assessments of a network, they can also help validate that firewall rule changes have worked as expected.

As well as full port scans (probing all possible TCP ports and all known UDP services), scans can be limited to a handful of well-known ports. With a smaller set of ports to probe, well-known port scans can be completed in a fraction of the time required for a full scan. The set of well-known ports includes ftp (tcp port 21), http (tcp port 80), dns (udp port 53), smtp (tcp port 25), and ntp (udp port 123). Alternatively, port scans can be configured to probe a user-defined list of ports.

A scan of HTTP and HTTPS services on ports 80 and 443 is also available, giving details of the HTTP response codes and, where appropriate, details of the SSL certificate.

Web Interface

The web interface can be used to manage both ad-hoc and repeating scans, covering both Audited by Secure Application vulnerability scans and port scans. As well as managing individual scans, summary and billing data are available, showing an overview of activity over user-defined time periods.

Access to the web interface is controlled using user accounts. Reports can also be made accessible to specific users who may not otherwise have access to the interface - for example, hosting companies can allow their customers to access Audited by Secure Application reports that pertain to their infrastructure.

API

The JSON-based API can be used to interact with the service programmatically, scheduling both Audited by Secure Application scans and port scans. Access to the API is secured using SSL client certificates.

As well as offering methods to start, stop, and schedule scans, the API provides the ability to compute the difference between two port scans. For example, an ICMP scan difference is shown below:

{
  "scan1": {
    "changed": {
      "10.0.0.1": { "state": { "from": "down", "to": "up" } }
    },
    "removed": {
      "10.0.0.2": { "state": "up" }
    },
    "added": {
      "10.0.0.3": { "state": "up" }
    }
  }
}
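
A scan difference in the changed/removed/added layout shown above can be computed locally from two scan results, for instance to confirm that a firewall rule change exposed nothing new. This is an added example, not the service's own code: the function names and the input shape (host mapped to a dictionary of attributes) are assumptions, and the outer "scan1" key is not reproduced because the page does not define it.

```python
import json


def diff_scans(old, new):
    """Return the changed/removed/added structure for two scan results.

    old, new: dict mapping host -> dict of attributes, e.g. {"state": "up"}.
    This input shape is an assumption; the page only shows the diff output.
    """
    diff = {"changed": {}, "removed": {}, "added": {}}
    for host in sorted(old.keys() | new.keys()):
        if host not in new:
            # Present only in the earlier scan: report its last known attributes.
            diff["removed"][host] = old[host]
        elif host not in old:
            # Present only in the later scan.
            diff["added"][host] = new[host]
        else:
            fields = {}
            for key in sorted(old[host].keys() | new[host].keys()):
                before, after = old[host].get(key), new[host].get(key)
                if before != after:
                    fields[key] = {"from": before, "to": after}
            if fields:  # hosts with no differences are left out entirely
                diff["changed"][host] = fields
    return diff


def newly_reachable(diff):
    """Hosts that respond now but did not before: the ones to review first."""
    hosts = [h for h, attrs in diff["added"].items()
             if attrs.get("state") == "up"]
    hosts += [h for h, fields in diff["changed"].items()
              if fields.get("state", {}).get("to") == "up"]
    return sorted(hosts)


# Constructed sample scans, chosen to reproduce the diff shown above.
SCAN_OLD = {"10.0.0.1": {"state": "down"}, "10.0.0.2": {"state": "up"}}
SCAN_NEW = {"10.0.0.1": {"state": "up"}, "10.0.0.3": {"state": "up"}}

if __name__ == "__main__":
    result = diff_scans(SCAN_OLD, SCAN_NEW)
    print(json.dumps(result, indent=2))
    print("review:", newly_reachable(result))
```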