Get web security and web application security protection. Learn more about Devfense WSA
Web vulnerability? Get website security protection
Devfense WSA Web Security Assessment
Your business' website or web application was already hacked. Or you want to prevent that from happening. We can help.
Devfense WSA (Web Security Assessment) protects your website and web applications from hackers and web security threats.
Finds vulnerabilities to hackers
in
your web applications
with web application vulnerability scanning tools and qualified
expertise
Recommends
remedies for web vulnerabilities.
Fixes can
be carried out using
your own IT resources or by deploying our web security tools and
experts
Provides
security compliance reports specific to your
industry to help provide better understanding of your compliance
level
Pinpoints
and
fixes website problems early in the development
cycle
Helps
organizations become security compliant
Devfense WSA packaged service combines award-winning tools, security expertise and proven processes to help protect your web applications.
Devfense WSA Web Security Assessment Features
A web securityy assessment provides website protection, ROI and reduced IT costs
It is like having a team of security experts on staff, allowing your team to focus of building better applications and websites.
Devfense WSA also provides improved privacy and security compliance
Don't get hit with a "This site may harm your computer" warning that kills your traffic, online revenue and reputation. Devfense WSA comprehensive assessments, reports, and expert services allow you to focus on your business and assure consumer confidence.
Devfense WSA delivers significant return on investment for your business
When your company takes steps to secure your web applications, you avoid costly legal bills and crisis management costs that come with a security breach. And when visitors to your website know you've put protections in place for them, you'll have improved brand awareness, loyalty and sales.
Are you ready to get serious about security? Protect your brand, intellectual property and web-based business. Contact us about Devfense WSA today
Devfense WSA Web Security Assessment FAQ
Here are the answers to the most common questions about Devfense WSA:
Purchasing Devfense WSA
How much does Devfense WSA cost?
Devfense WSA Features
How is Devfense WSA
deployed after purchase?
What types of web application
threats does Devfense WSA protect against?
How reliable is a
Devfense WSA web security assessment?
What kinds of web application
security reports does Devfense WSA provide?
Web Application Security Compliance
What are the compliance regulations that provide standards for web application security?
Why is it necessary to be compliant with web application security regulations?
Hackers and Web Security Threats
Why are hackers trying to insert malicious code into web applications?
There is a message on
my website that reads "This site may harm your computer".
Why is it there?
How much does Devfense WSA
cost?
Websites vary in size from a single page to over one million pages. Web
applications also have a wide range of complexity.
Boonbox will provide a customized quote for you based on the particular
specifications of the web applications you wish to make secure with
Devfense
WSA.
To request a quote, contact Boonbox
How is Devfense WSA deployed after purchase?
During the purchase process, your organization provides access to your
website for the Devfense WSA web assessment. Devfense WSA scans your
website
comprehensively for vulnerabilities. After the scan is complete,
security
reports are delivered by email. Devfense WSA clients then have the
option of
using internal IT resources to fix the problems or using PCIS' web
security
consultants.
What types of web application threats does Devfense WSA
protect
against?
Devfense WSA tests for common web application vulnerabilities such as
those
identified in the WASC (Web Application Security Consortium), OWASP
(Open Web
Application Security Project), and SANS (SysAdmin, Audit, Network,
Security)
Institute's top 20 - including cross site scripting, injection flaws,
and
buffer overflows.
How reliable is a Devfense WSA web security assessment?
Devfense WSA web assessments are performed with award-winning, market
and
industry leading software (as cited by IDC and Gartner).
What kinds of web application compliance reports does Devfense
WSA
provide?
Devfense WSA reports help organizations move towards critical
compliance
according to regulations set by PCI DSS (The Payment Card Industry Data
Security Standard), Visa's Payment Application Best Practices,
MasterCard
SCP, Privacy Act, FIPPA (Freedom of Information and Protection of
Privacy
Act), PIPED Act, Management of Information Security Technology (MITS),
Children Online Privacy Protection Act (COPPA), Sarbanes-Oxley Act
(SOX),
HIPAA, Federal Information Security Management (FISMA), Electronic
Funds and
Transfer (EFTA), Financial Service Modernization Act Gramm-Leach Bliley
(GLBA), Securities Act, Microsoft Security Standards (MSS), DCID, and
Defense
Information Systems Agency (DISA).
Contact us
for a complete
list of compliance regulations we support and to see which regulations
apply
to your industry.
Does Devfense WSA web assessment provide complete
vulnerability scanning
of the latest Web 2.0 technologies?
Yes, Devfense WSA includes enhanced support of Flash, JavaScript, AJAX
and
JSON and Web Services.
What are the compliance regulations that provide standards for
web
application security?
Organizations that use web applications for any purpose, not just
e-commerce,
are subject to a wide range of national and international regulations
that
protect the rights and information of users. Below is a current list of
some
of the most common regulations governing web security.
-
PCI DSS (The Payment Card Industry Data Security Standard):
The PCI DSS includes requirements for security management, policies,
procedures, network architecture, software design and other critical
protective measures.
Visa's Payment Application Best Practices (PABP): These regulations to assist software vendors in creating secure payment applications that help merchants and agents mitigate compromises, prevent storage of sensitive cardholder data and support overall compliance with the PCI Data Security Standard (PCI DSS).
MasterCard SCP: A security standard that helps merchants and agents mitigate security threats and prevent storage of sensitive cardholder data.
Privacy Act, FIPPA (Freedom of Information and Protection of Privacy Act): This standard governs access to university information. It also protects the privacy of individuals with respect to personal information about themselves held by universities.
PIPED Act: This Act supports and promotes electronic commerce by protecting personal information that is collected, used or disclosed in certain circumstances, by providing for the use of electronic means to communicate or record information or transactions.
Management of Information Security Technology (MITS): The Management of Information Technology Security (MITS) standard defines baseline security requirements that Canadian federal government departments must fulfill to ensure the security of information and information technology (IT) assets under their control.
Children Online Privacy Protection Act (COPPA): The Children's Online Privacy Protection Act of 1998 (COPPA) is a United States federal law detailing what a website operator must include in a privacy policy, when and how to seek verifiable consent from a parent or guardian, and what responsibilities an operator has to protect children's privacy and safety online including restrictions on the marketing to those under 13.
Sarbanes-Oxley Act (SOX): This Act establishes new or enhanced standards for all U.S. public company boards, management, and public accounting firms.
HIPAA: This US regulation requires the establishment of national standards for electronic health care transactions and national identifiers for providers, health insurance plans, and employers.
Federal Information Security Management (FISMA): This improves computer and network security within the Federal Government and affiliated parties by mandating yearly assessments.
Electronic Funds and Transfer (EFTA): This association is a leading inter-industry professional association promoting the adoption of electronic payment systems and commerce.
Financial Service Modernization Act Gramm-Leach Bliley (GLBA): The GLBA governs how financial institutions provide and share information with and about their clients.
Securities Act: This US Act regulates the offer and sale of securities.
Microsoft Security Standards (MSS): This standard provides detailed recommendations on the proper configuration of Microsoft Windows environments to ensure security compliance.
DCI: This regulation defines the certification and accreditation process used by federal agencies working on intelligence projects. Defense Information Systems Agency (DISA): This agency is responsible for planning, engineering, acquiring, fielding, and supporting global net-centric solutions to serve the needs of the US political leadership and armed forces.
Why is it necessary to be compliant with web application
security
regulations?
Failure to comply with these web security regulations can result in
civil
litigation and criminal proceedings. A single web security breach could
cost
an organization between $9 million and $14 million in legal bills,
crisis
management and quick deployment of security solutions after the breach
has
occurred (Darwin Professional Underwriters).
Why are hackers trying to insert malicious code into web
applications?
Hackers may want to steal private information from the website's
organization
or from the website's visitors. Another type of hacker defaces
websites. Many
hackers these days carry out their activities on behalf of organized
crime.
There is a message on my website that reads "This site may
harm your
computer". Why is it there?
If your website has been hacked, all visitors to your site will be put
at
risk. Search engine companies are now alerting visitors so that they
can
avoid such sites. Typically, sites with these warnings face
significantly
reduced web traffic and online revenue. As well, the reputation of the
company that has the site is damaged.
Boonbox delivers measurable results. Increase your productivity, and security.
Devfense WSA Quick Features
- Addresses known security vulnerabilities such as cross site scripting and SQL injection.
- Analyzes and conducts comprehensive penetration Tests for vulnerabilities identified by OWASP, WASC, PCI DSS, international privacy legislation and SANS Top 20.
- Provides advanced security coverage of Web 2.0 technologies, including support of Flash, JavaScript, AJAX, JSON and web services.
- Delivers reports of compliance with your industry's regulations such as PCI DSS, HIPAA and SOX.
- Plugs into existing IT environments.
- Maintains an assessment of your compliance efforts.
- Delivers Boonbox security expertise to identify known web security issues.
Contact Us
A name you can trust:
