Security Assessment
WEB INFRASTRUCTURE RISK ASSESSMENT
At a glance
WCS’s automated security scanner provides the highest level of detection of over 6,800 vulnerabilities with nearly 0% false positives. With our solution, you can check your website in just a few clicks and be sure of the highest security level of your web infrastructure.
What WIRA can find when scanning your website
01
Injection
The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
02
Broken Authentication
Application functions related to authentication and session management are allowing attackers to compromise passwords.
03
Sensitive Data Exposure
Attackers may steal or modify the weakly protected data to carry out credit card fraud, identity theft, or other crimes.
04
XML External Entities
External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
05
Broken Access Control
Attackers can exploit these flaws to access unauthorized functionality and/or data such as other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc.
06
Security Misconfiguration
Attackers can exploit these flaws to access unauthorized functionality and/or data such as other users’ accounts, view sensitive files, modify other users’ data, change access rights, etc.
07
Cross-Site Scripting XSS
XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
08
Insecure Deserialization
Insecure deserialization often leads to remote code execution.
09
Use of Components with Known Vulnerabilities
If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover.
10
Insufficient Logging and Monitoring
Most breach studies show that time to detect a breach is over 200 days and the breach is typically detected by external parties rather than internal processes or monitoring.