Outpost24, a leader in vulnerability management solutions, has announced the launch of its Web Application Scanner, a product designed to address a critical security challenge facing organisations today.
An extension of Outpost24’s OUTSCAN and HIAB solutions, Outpost24’s Web Application Scanner uniquely enables both internal and external scanning, allowing organisations to scan thousands of public and custom websites and web applications quickly and easily, in order to identify vulnerabilities and their remedies.
According to recent research, vulnerabilities in web applications continue to be the most prevalent type of vulnerability affecting networks today.
With this in mind, organisations need to address vulnerabilities on both the low-level web-server and the application layer.
Outpost24’s Web Application Scanner automates the assessment of the web server, as well as pinpointing vulnerabilities in the bespoke web applications running on these servers.
"Politically motivated or otherwise, web attacks are a looming threat for organisations today," says Anders Persson, CEO of Outpost24.
"Organisations need to focus their security efforts on defending their networks from both web server flaws, as well as the more high-risk and complex threats found within web applications, otherwise, they run the risk of leaving themselves vulnerable to attack.
"Hopefully, as this issue moves further into the media spotlight, organisations will come to realise the importance in safeguarding against it."
Outpost24’s Web Application Scanner integrates easily with existing tools in order to provide unified reporting of both network and web vulnerabilities, and requires no additional software to be downloaded or installed.
Satisfying both compliance and internal security requirements, the product seamlessly enables high-speed scanning of systems, with average scan times taking under an hour.
Other key features and benefits of Outpost24’s Web Application Scanner include:
* Advanced user-definable scope setting such as IP ranges, URI seed lists, URI white lists, URI black lists and virtual hosts.
* Scan crawler can be tuned for maximum links, request delays and custom transfer timeouts.
* New settings allow for many types of authenticated scanning such as HTML form, NTLM and HTTP basic authentication.
* Highly accurate detection of remote file include, local file include, command injection, code injection, format string issues, cross-site request forgery and CRLF injection.
"As with all our products, we developed this new solution in response to feedback from our customers," continues Persson.
"We wanted to provide our customers with even more thorough assessments in order to counter the next big security threat. Those who want to avoid the financial and reputational repercussions of a hacked website would do well to address this problem now."