Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enterprise Class Security Scanner

Published byMargrethe Marthinsen Modified over 5 years ago

Similar presentations

Presentation on theme: "Enterprise Class Security Scanner"— Presentation transcript:

1 Enterprise Class Security Scanner
MTvScan (Malware, Threat, Vulnerability Scanner) Enterprise Class Security Scanner

2 Overview Industry findings Architecture Product Features
Features explained Scans

3 Industry findings Source: White Hat security May’13

4 MTvScan Architecture

5 MTvScan Features Domain Reputation SQL Injection scan
Cross site scripting(XSS) scan Intelliscan (Agent based server side scanning) Local file injection(LFI) scan Remote file injection(RFI) scan Malware scan Automatic CMS scanning Open ports scan

6 Domain Reputation Check Domain Reputation in Google, SURBL, Malware Patrol, Clean-Mx, Phish tank. Domain Mail server IP Check in 58 RBL(Real-time Blackhole List) and DNSBL (DNS-based Blackhole List) repositories.

7 SQL Injection Scan Scan for MySQL, MSSQL, PGSQL, Oracle databases. Checks for poorly filtered or in-correct escaped SQL queries into parsing variable data received from user input.

8 LFI & RFI Scans Scans for pages from which attackers can include a remote or a local file via a script from web browser. Occurs due to: Page include is not properly sanitized. Allows directory traversal characters to be injected. Due to the use of user-supplied input without proper validation. Can lead to other attacks such as cross site scripting (XSS), DDoS, Data Theft etc.

9 Cross Site Scripting (XSS) Scan
Scans for type of computer security vulnerability typically found in Web applications. It enables attackers to inject client-side script into Web pages viewed by other users. Scans each and every form in the webpages and scans for GET and POST requests.

10 Malware Scan It scans for page defacement. Scans JavaScript codes against generic signatures. Special algorithm developed to detect JavaScript Obfuscation. Obfuscation used to convert vulnerable codes into unreadable format. Third Party Links found in the page. It also checks third party links into Google malware database.

11 Intelliscan Agent based Server side scanning. Scans all files with generic signatures. Scan all files with LMD MD5 and Hex signatures. Analytics based Javascript obfuscation detection.

12 Automatic CMS scanning
Automatically detects CMS(Wordpress, Joomla, etc). Scans all themes, plugins, unprotected admin area. Brut forcing for simple password detection. FPD - File Path Disclosure scanning. *Any trademarks or logos used are the property of their respective owners

13 Open Ports scan Checks for all the ports on the server. Reports all the insecure ports.

14 Thank You

Download ppt "Enterprise Class Security Scanner"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Past, Present and Future By Eoin Keary and Jim Manico

Past, Present and Future By Eoin Keary and Jim Manico
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.

Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.

1 MTvScan (Malware, Trojan, Viruses Scanner) Enterprise Class Security Scanner.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.

INSTALLATION OF WORDPRESS. WORDPRESS WordPress is an open source CMS, often used as a blog publishing application powered by PHP and MySQL. It has many.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.

Web Audit Vulnerability cross-site scripting (XSS) concerns by Ron Widitz.
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
March Intensive: XSS Exploits

March Intensive: XSS Exploits
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.

Injection Attacks by Example SQL Injection and XSS Adam Forsythe Thomas Hollingsworth.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
Secure Search Engine Ivan Zhou Xinyi Dong. Project Overview  The Secure Search Engine project is a search engine that utilizes special modules to test.

Secure Search Engine Ivan Zhou Xinyi Dong. Project Overview  The Secure Search Engine project is a search engine that utilizes special modules to test.
SHASHANK MASHETTY Email security. Introduction Electronic mail most commonly referred to as email or e- mail. Electronic mail is one of the most commonly.

SHASHANK MASHETTY security. Introduction Electronic mail most commonly referred to as or e- mail. Electronic mail is one of the most commonly.
PHP Security.

PHP Security.
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.

Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.

Similar presentations

Ads by Google