Security Scans

System & Web Application Scan

Getting your security analysis started quickly

Systems that can be accessed via the internet are particularly vulnerable. IT system downtimes, for example, can jeopardise customer satisfaction within minutes, harm a company’s reputation within hours and threaten a company’s existence within just a few days.

Hackers attack both the services and the web applications running on IT systems. We therefore offer two versions of our security scans: the System Security Scan for IT systems and the Web Application Security Scan for web applications. This way you gain a comprehensive understanding of your security level.

What scan types do we offer?

 

System security scan

Our System Security Scans check your internal and external IT systems (such as web servers, mail servers, file servers) for several thousand vulnerabilities, always in line with the latest research. We use standardised, internationally recognised scanning procedures and base our review of your scan results on renowned security standards. Scans can be performed externally over the internet (External System Security Scans) or as optional internal scans via a VPN tunnel (Internal System Security Scans).

 

Web application security scan

With our Web Application Security Scans, you check your external (internet-accessible) and internal web applications for weak points and security vulnerabilities. If you also want to check the web application “behind the login”, the area with particularly sensitive data, you need an authenticated scan. For this, you can use our Web Application Security Scan, performed from the user perspective with access data you provide. The Web Application Security Scan identifies frequently occurring security gaps, including:

  • Cross-Site Scripting (XSS)
  • SQL, Command and XPath Injections
  • Directory and Path Traversal
  • Security Misconfigurations

 

Security Scan Facts

What are the phases of a System Security Scan?

Planning

During the planning phase, we determine the IP addresses of the IT systems you wish to scan and schedule a time window for the scan. On request, we also assist you in setting up a VPN tunnel (for internal scans).

Scan
We check your IT systems for relevant security vulnerabilities and irregularities using a standardised, internationally recognised procedure. We do not exploit vulnerabilities we identify. The risk of disrupting normal operations of your IT systems is therefore reduced to almost zero.

Review
One of our IT security specialists reviews your scan results. We base our evaluations of vulnerabilities on international, renowned security standards.

Report
You receive a conclusive comprehensive report comprising an Executive Summary and an English-language Technical Report. This report evaluates the criticality level and risk of occurrence of each vulnerability and gives recommendations on corrective measures.

What are the phases of a Web Application Security Scan?

Planning

During the planning phase, we determine the web application or the URL information of the web application you wish to scan as well as the form parameters required for a login. If required, we establish a VPN connection. We also schedule a time window for the scan.

Scan
We test your web application using a standardised, internationally recognised procedure. All public pages and, if available, non-public pages behind a login are taken into account. For this purpose you provide us with a test user (max. 1 role). In the first step, our scanner enumerates the various components of your application. You are welcome to support us by providing a complete sitemap so that we can guarantee complete coverage of the application. Subsequently, our scanner performs the actual verification of the application parts it has identified. We do not exploit vulnerabilities we identify. The risk of disrupting normal operations of your IT systems is therefore reduced to almost zero.

Review
One of our IT security specialists reviews your scan results. We base our evaluations of vulnerabilities on international, renowned security standards. You receive a conclusive comprehensive report comprising an Executive Summary and an English-language Technical Report. This report evaluates the criticality level and risk of occurrence of each vulnerability and gives recommendations on corrective measures.

Where is the service provided?

The services are provided from the offices of usd AG via the internet. If internal IT systems and applications are checked, this is done via a secure, encrypted connection. On request, services can also be provided on site.

Does it make sense to combine both types of scans?

Hackers attack both the services that are accessible on an IT system and web applications running on such a system. The combination of both scan types provides you with a complete security overview. Please contact us in this matter.

How often should scans be performed?

In principle, we recommend that IT systems and web applications be scanned on a regular basis in order to be prepared when new attack scenarios occur. We therefore offer one-time scans as well as annual packages with four scans each for scanning at quarterly intervals. You are free to choose the scanning interval when placing your order.

Do you provide consulting support?

You will not be left alone with the scan result. Our experts will be happy to support you if any questions or problems arise.

Contact

 

Please contact us with any questions or queries.

 

Phone: +49 6102 8631-190
Email: sales@usd.de

 

Daniel Heyne
usd Team Lead Sales,
Security Consultant Pentest, OSCP, OSCE