Web App Scanning
Automated and continuous vulnerability management of web applications such as websites and REST API scanning. Tests OWASP top 10 version 2017.
Web App Scanning
Automated and continuous vulnerability management for public and local systems, as well as cloud services. Cloud Scanners and virtual appliance for local scanning.
Features of the Web App Scanning Platform
Web apps – a frequent attack vector
Several independent experts estimate that about 70% of all web applications (websites) can be hacked. Gartner states that 75% of the attacks occur in the application layer, which makes web applications the most vulnerable layer in your IT environment. The fact that web applications are often exposed to the entire Internet dramatically increases the risk of vulnerabilities being exploited by malicious people.
Automated & continuous scanning of web applications
Our Web Application Scanning automatically and continuously scans your web apps and REST APIs for an ever-increasing number of vulnerabilities. Web applications detects vulnerabilities related to flawed code, misconfigured systems, weak passwords and exposed system information, personal data and code.
Using comprehensive information, smart and effective tools and our support service, you or your IT partner can effectively prioritize and rectify detected vulnerabilities before they are exploited by a malicious person.
In parallel with a scheduled scanning of your web applications, you can scan on demand at any time, for example in connection with changes and commissioning.
Covering the entire IT environment
Our scanners scan your public web applications, accessible via the Internet. By installing one or more Scanner Appliances in your local environments, behind your firewalls, we can scan all your web applications – even if your IT environment is present in several physical locations. All scanned data collected by our Scanner Appliances is presented in our control panel Security Center.
Vulnerability manager is a powerful tool for you to work effectively with vulnerabilities, regardless of whether you have a small number or thousands. You sort, group, ignore and prioritize the vulnerabilities in just the way that works best for you in the tool. The tool provides a range of functions for collaboration within your organization and with external partners, such as your IT partner.
In Continuous Monitoring, you can quickly and easily set up monitoring of changes that generates notifications and alarms. This tool removes the need to work in Security Center. Instead, you will be notified when new vulnerabilities are detected, when any changes are made and when vulnerabilities have been rectified. You can easily pinpoint, for example, web applications handling personal data for GDPR compliance.
The service includes a complete tool for remediation. The flow is largely automated. You set up rules for when to create cases and how to assign them. The tool supports integration with external remediation systems.
A number of ready-made templates are available in the service, and you can create your own reports – adapted for both technicians and specialists, as well as management, CEO and the board. The reports are distributed in encrypted form to, for example, your IT partner or system vendor. In parallel to creating reports automatically according to your desired schedule, you can create reports on demand at any time.
GDPR & NIS compliance
The service offers a range of GDPR and NIS compliance support functions. You can, among other things, pinpoint your web apps that handle personal data to monitor these and automatically generate continuous reports to the data controller.
LOGON works with corporate clients and systems integrators by offering Vulnerability Management that offer continuous monitoring, vector analytics and modeling, integration with Software Development Life Cycle, Threat intelligence platforms and deliver Graphical attack modeling and compliance reporting. LOGON offers products from Acunetix, NetSparker, Flexera / Secunia etc. Other security solutions include Veracode, Whitehat, OPSWAT, Tenable, QUALYS, etc.. These solutions offer both Static Analysis (SAST) and Dynamic Analysis (DAST) that help Penetration Testers test Vulnerability Remediation, Cyber Exposure needs and Risk Assessment.