[Data Sheet]
Overview
Most web application systems are tailor-made and delivered as source code by suppliers, performing specific functions through dynamic resolution in different application environments. This brings new challenges to the security management of web application systems. Relying solely on passive patching does not work, since application developers can hardly provide generic patches like Windows vulnerability patches. A more preemptive and proactive method is needed: a dedicated web vulnerability solution for web security assessment. This solution should help security and development teams detect hidden vulnerabilities in the protected web applications or websites, and harden the systems before these vulnerabilities are exploited by hackers.
NSFOCUS Web Vulnerability Scanning System (NSFOCUS WVSS) is an industry-leading web vulnerability scanning solution for the above challenges, powered by NSFOCUS’s years of expert research and hands-on experience in application security. This solution allows automatic security assessment of all resources on your website with a simple point and shoot. It simulates website visitors’ behaviors, such as button clicks, cursor movement, and complex form filling, detects potential vulnerabilities in the web application systems via built-in security models, and provides priority-based fixing suggestions as well as actionable analysis reports. Moreover, NSFOCUS WVSS can automatically interact with NSFOCUS Web Application Firewall (NSFOCUS WAF) to generate smart patches for automatic vulnerability fixing, effectively enhancing security management.
Customer Benefits
Accurate Analysis on Website Vulnerabilities
NSFOCUS WVSS provides professional web application security scanning and has established an industry-leading position in website scanning and vulnerability analysis. It can intelligently recognize vulnerability templates and is compatible with an internationally standard classification of vulnerabilities. It uses forensic scanning technology to provide detailed reports that help customers locate and fix dangerous vulnerabilities. NSFOCUS experts keep track of emergency web incidents and update the web vulnerability base immediately, so that the website business is safeguarded in time.
Fast Scan on Large-scale Websites
Backed by NSFOCUS’s in-depth research in web application security, NSFOCUS WVSS adopts innovative technologies, including intelligent webpage crawling, dynamic resource adjustment, proxy cache, real-time task dispatching and URL-level load balancing. It also has original advanced scanning evasion technology, and can correlate log analysis of each silo website. Its scanning speed can be set manually to a constant value, or it can automatically adapt its speed to the context, such as bandwidth consumption. Powered by these industry-leading technologies, it can reach the highest scanning speed with zero impact on customer business, overcoming the challenges in scanning large-scale websites.
Closed-loop Website Security with WAF
Relying on its original vulnerability tracking technology, NSFOCUS WVSS conducts statistical analysis on the entire process of vulnerability discovery, monitoring, and fixing. It can also correlate with NSFOCUS WAF to defend against the detected security threats. In this process, NSFOCUS WVSS automatically uploads the scanning reports to NSFOCUS WAF, where precise protection rules (“smart patches”) are generated and applied to the protected website, forming a closed loop of detection and defense.
Flexible and Adaptable to Virtualized Environment
NSFOCUS WVSS can be easily deployed in a virtualized environment. With its independent virtualized management architecture, it can be supplied in a software/virtualized version as an on-demand technology to save extra maintenance expenses related to third-party hosting operating systems. It supports bare and hosted deployment modes. It can be installed on segmented cloud hosts as well as on office computers, enabling efficient utilization of virtualized asset pools.
Key Features
In-depth Checking and Comprehensive Scan
Automatic analysis for a wider range of web applications: multiple web technologies (PHP, ASP, .NET, HTML), site types (Portal, E-government, Forum, Blog, Online banking), web applications (IIS, Apache, Tomcat), and third-party components (Struts2, WebLogic, WordPress).
Large number of accurate scanning plugins: in addition to NSFOCUS’s own integrated plugins, the WVSS plugin base also covers extensive international vulnerability classifications, for example OWASP Top 10 2010/2013 and WASC. Users can customize scanning plugin templates according to their needs.
Immediate response to web attacks: by continuously tracking top web security incidents, vulnerability plugins are updated at the earliest opportunity.
Proactive detection technology combining static and dynamic analysis, linked to registers. Identifies known and unknown register types.
Visualized Verification of Vulnerability
Supports the verification of common web vulnerabilities including SQL injection, Cross-Site Scripting and many others.
Batch verification, in manual or automatic verification mode, can indicate where the vulnerability is in the code. WVSS also allows false verification results to be corrected.
Detailed repair proposals help fix code errors and open up blocked links, so that vulnerabilities can be discovered and repaired immediately.
Provides offline reports with a visualized verification scene, which shows the vulnerability criteria at the logic level and provides the constructed request that is able to discover the vulnerability, together with a detailed list of interactive data at the code level.
Distributed Cluster Scan
Breaks with traditional scanning methods to achieve more granular and in-depth URL scanning with page-level load balancing, supporting large-scale scanning with reliable and time-saving scanning technology.
Lower-level nodes can be expanded conveniently and flexibly, with dynamic balancing of assigned single or multiple tasks. Distributed cluster scan adapts to a variety of scanning scenarios. It can achieve real-time automatic speed governing even with a maximum of 32 lower-level nodes.
Dual role of management and scanning: the management node focuses on directing lower-level nodes to scan and on outputting summary reports.
Global Risk Analysis and User-friendly Display
Dashboard: on the first page, summary data shows the security risk posture of the target sites and serves as a quick entry point to the detailed results, such as the last 10-day overall risk level, last 30-day top 10 dangerous websites, up-to-date vulnerability info, single-website risk trend graph, network interface traffic, task progress, etc.
Original vulnerability tracking technology: vulnerabilities are tracked along the timeline of their discovery. It shows the entire process of monitoring and repair, which can be used to easily locate risk distribution.
Multi-angle Reports: multidimensional and professional reports provide not only single-site trend reports, but also multi-site comparative risk reports, automatic collection of same-type vulnerabilities across multiple tasks, etc. All vulnerabilities are displayed based on the “site resource tree”. WVSS can generate reports while it is scanning sites.
Specifications
Detection and Testing:
Trojan detection
Full coverage of Web 2.0 applications, including AJAX, Flash and JavaScript
PHP, ASP, .NET, Java and other programming languages
Web servers, such as IIS, Apache, and Nginx
Proxy scanning
HTTPS scanning
Flash attack detection
Authentication methods, such as Basic, NTLM, cookies, and SSL
Reports: OWASP, WASC and other reports
Correlation with WAF: Correlation with NSFOCUS WAF
Deployment: IPv4, IPv6; Distributed deployment
Others: Data interface capability
NSFOCUS
TEL: +86 10 68438880
NSFOCUS US
TEL: +1 408 907 6638
NSFOCUS Japan
TEL: +81 3 6206 8156
“NSFOCUS” is the trademark of NSFOCUS Information Technology Co., Ltd.
NSFOCUS holds all copyrights with respect to all textual narrations, document formats, illustrations, photographs, methods, processes and other contents, unless otherwise specified, which shall be governed by relevant property rights and copyright laws. Without written permission of NSFOCUS, any individual or institution shall be prohibited from copying or quoting any section herein in any way.