The Open Web Application Security Project (OWASP) is an online community in the field of web application security that releases a list of the top 10 vulnerabilities every year. The list was last released in 2017. MTvScan detects each of those vulnerabilities and follows the rules laid out by OWASP. We scan for Cross-Site Scripting (XSS), SQL Injection, Insecure Deserialization, Sensitive Data Exposure, etc., report the vulnerabilities found, and provide recommendations to fix them.
Content change monitoring is an important feature provided by MTvScan. We first create a snapshot of all the web pages, then scan every page of the website for changes and report the irregularities found. Every change across the website is reported along with the percentage of change for the respective URL. This feature helps website owners check whether any changes are being made to the website without their knowledge, and whether those changes are illegitimate.
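The snapshot-and-compare workflow described above, as an added example that is not MTvScan's own code. The URLs, page bodies and function names are constructed for illustration, and the line-based `difflib` ratio is an assumed way to compute the percentage of change.

```python
import difflib
import hashlib

def take_snapshot(pages):
    """pages maps URL -> HTML. Keep a digest (cheap equality check) and the lines (for diffing)."""
    return {url: {"sha256": hashlib.sha256(body.encode("utf-8")).hexdigest(),
                  "lines": body.splitlines()}
            for url, body in pages.items()}

def percent_changed(old_lines, new_lines):
    """Share of lines that differ between two versions, as a percentage."""
    matcher = difflib.SequenceMatcher(None, old_lines, new_lines, autojunk=False)
    return round((1 - matcher.ratio()) * 100, 1)

def compare(baseline, current_pages):
    """Return {url: (status, percent)} for every URL seen in either crawl."""
    current = take_snapshot(current_pages)
    report = {}
    for url in sorted(baseline.keys() | current.keys()):
        if url not in current:
            report[url] = ("removed", 100.0)    # page vanished since the snapshot
        elif url not in baseline:
            report[url] = ("added", 100.0)      # page nobody recorded: review it
        elif baseline[url]["sha256"] == current[url]["sha256"]:
            report[url] = ("unchanged", 0.0)
        else:
            report[url] = ("changed", percent_changed(baseline[url]["lines"],
                                                      current[url]["lines"]))
    return report

# Constructed sample crawl results (not real pages).
BASELINE_PAGES = {
    "https://example.test/": "<html>\n<h1>Welcome</h1>\n<p>Open 9-17</p>\n</html>",
    "https://example.test/contact": "<html>\n<p>Mail us</p>\n</html>",
    "https://example.test/old": "<html>\n<p>Archive</p>\n</html>",
}
CURRENT_PAGES = {
    "https://example.test/": "<html>\n<h1>Replaced heading</h1>\n<p>Open 9-17</p>\n</html>",
    "https://example.test/contact": "<html>\n<p>Mail us</p>\n</html>",
    "https://example.test/promo": "<html>\n<p>Unexpected page</p>\n</html>",
}

if __name__ == "__main__":
    for url, (status, pct) in compare(take_snapshot(BASELINE_PAGES), CURRENT_PAGES).items():
        print(f"{status:<9} {pct:5.1f}%  {url}")
```

On a real site, dynamic fragments such as timestamps or CSRF tokens would need to be normalised before hashing, otherwise every page reports as changed on every scan.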
(Unique feature) Website defacement check: Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.
An RBL (Real-time Blackhole List) lists IP addresses whose owners refuse to stop the growth of spam. RBLs list server IP addresses from multiple ISPs whose users are responsible for spam. They also list ISPs whose servers have been hijacked for spam relay.
Link crawling is the process of capturing all the webpages (URLs/links) present on the website. It helps us understand how many webpages the website contains and what each of them relates to. The site owner can also cross-check whether these pages are legitimate.
Banner grabbing is the collection of information related to your website, such as webserver information, header information and open ports. It is a technique used to gain information about a computer system on a network and the services running on its open ports. An intruder can use banner grabbing to find network hosts that are running versions of applications and operating systems with known exploits. We do the following things:
Check for SSL POODLE, BEAST, CRIME, Heartbleed, DROWN, etc. In the SSL check, the following areas are checked: