VTMScan delivers an exuberant delivery experience to the users by the means of websites and web applications.
VTMScan helps in securing your online presence at all times.
In web security, it is important to understand what prevention means and VTMScan helps you by providing a deep scanning solution backed by instant alerts. With VTMScan it can’t get simpler and more cost-effective.
Automatic scanning for CMS and an agent-based server-side scanning
Proactively scanning malware, security threats, infections, botnets, etc.
Performing open port scanning for all security threats & checking mail server IP
Special defence against all types of exploits, advisory security patches, complete trusted and tested security for websites
Instant mail alerts and warning alarms for web pages and codes, especially scan reports
Remote web-shell and unexpected file-detection along with CMS specific scanning such as WordPress, Joomla.
Reputation and Blacklist Monitoring | ||
Reputation Monitoring | ||
Blacklist Monitoring | ||
Basic assessment | ||
Http security header check | ||
OS Vulnerability detection | ||
Banner grabbing | ||
Standard Malware Detection | ||
SQL Injection | ||
Cross Site Scripting | ||
Malware Detection | ||
Webpage Defacement Detection | ||
Insecure Deserialization | ||
Local File Inclusion | ||
Remote File Inclusion | ||
Advanced Malware Detection | ||
Content Change Monitoring | - | |
Phishing Page Detection | - | |
Defined scan time | - | |
CMS Scan | - | |
Port Scan | - | |
SSL Scan | - | |
URL Monitoring | - | |
Cross-Site Request Forgery | - | |
Additional Functionality | ||
Error reporting including recommendation | ||
Email Support |
Open Web Application Security Project (OWASP) refers to an online community that works in the domain of web application security. It releases the list of top-10 vulnerabilities after every few years. VTMScan identifies these vulnerabilities and complies with the rules laid by OWASP. VTMScan scans for Cross-site Scripting, SQL Injections, etc. and report these vulnerabilities along with recommendations to cure these issues.
VTMScan provides Content Change Monitoring and is an important feature. It scans every page of the website for detecting if any change has occurred. Every change is observed across the entire website along with the respective percentage in the URLs. Here, a snapshot is generated of all the webpages and then each page is scanned for any modifications and changes. Once this is done, irregularities are reported, if any. This feature is of great benefit for the website owners for checking if any changes are being done on the website without their concern.
Website defacement refers to an attack on a website that can the visual appearance of a webpage.
Protecting the customers and safeguarding the website as well as web applications with VTMScan
Domain reputation check done in Google, SURBL, Malware Patrol, Clean-MX and Phishtank
Mail server IP check-in 58 RBL Repositories:
RBL or Real-time Blackhole Lists contain IP addresses of all those owners who’ve declined to stop the growth of spams. RBL lists all such IP address from several ISPs and identifies users who’re responsible for all these spams. RBL can also form the list of all ISPs whose servers have been hijacked for serving the purpose of spam relay. VTMScan performs checking of mail server IPs in 58 RBL repositories.
Link crawling refers to a process of capturing all the URLs of a website. It can be useful for VTMScan to understand how many webpages are existing at a given time instance on websites and what are all these webpages relating to. The website owner can perform cross-checking of his webpages to identify whether they are legitimate or not.
VTMScan performs following tasks under link crawling-
Banner grabbing refers to collecting information related to the user website such as- web server information, header info as well as open ports. Banner grabbing is a technique that is used for gaining information regarding a computer system over a network and the associated services that are running on its open ports. Any intruder can use the banner grabbing for finding network hosts running different versions of applications and OS by using the most-known exploits.
VTMScan performs checks for following-
VTMScan validates checking for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN, etc.
Under SSL Check, the following checks are performed by VTMScan-
Local File Intrusion (LFI):
Local File Intrusion refers to a process where the file or a script has been injected on a server using a web browser, allowing traversals in local directories to be injected in case the page is not ‘sanitized’. This attack can give rise to the disclosure of user-sensitive information.
Remote File Inclusion (RFI):
Remote File Intrusion depicts an attack that can explore for vulnerabilities in a web application for including a remote file using a script on the web browser. The intruder might want to exploit the functionalities in an application for uploading malware from different domains.
A: Yes, VTMScan performs scanning for subdomains of your website, but you need to provide the subdomains in the additional domain field when you schedule your scan.
Q: Can VTMScan schedule a website scan as per the user time frame?A: Yes, VTMScan can schedule scans as per the user time frame, thereby not affecting the user website during the crucial and peak times. Users are also provided with a custom scan option where the user can himself set the time frame as per his needs.
Q: What is OS Detection in VTMScan?A: OS Detection is one of the significant and key features that VTMScan possesses. Most of the time website is coded very securely and becomes very hard to crack. So, the online hackers target the website server’s Operating System. VTMScan predicts the Operating System that you’re using and provides you with vulnerabilities regarding your website.
Q: How exactly does VTMScan Ports remotely?A: VTMScan evaluates all ports on the server. It then determines all the open ports along with services/products that are running on these ports. It verifies those products in the vulnerability database and reverts with alerts in case any product is vulnerable.
Q: Does VTMScan install any agents on my website?A : No, VTMScan does not install any agent. VTMScan takes care that it sends you harmless requests and payloads that are not going to affect the performance and availability of your website.
Q : What is WAF?A : A web application firewall (WAF) refers to an application, server plugin or filter that uses a set of rules for an HTTP conversion. Usually, these rules comprise of common attacks like- cross-site scripting (XSS) and SQL injections. By modifying these rules to the user application, several attacks can be identified and blocked. The effort is to perform customization that is significant and has to be maintained as the application has been modified.
Q : What is Content Change Monitoring and it's usage?A : Content Change Monitoring is an essential feature of VTMScan that compares the state of your user website with a snapshot of the user website that was previously taken by the user. It informs the user if any changes are observed on the website.
Q : Is Authentication Based Scanning supported by VTMScan?A : Yes, VTMScan does support authentication-based scanning using htaccess and web-based authentication.
Q : What do you mean by a CSRF vulnerability?A : CSRF or cross-site request forgery is a one-click attack or session and a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Cross-site scripting exploits the trust of a user on a site, however, CSRF exploits the trust of a website on a user’s browser.
Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?A : Yes, CMS is detected in VTMScan. The types of CMS that are detected and scanned in VTMScan include- WordPress, Joomla, vBulletin and Drupal.
Q : How do I get my domain off the phishtank blacklist?A : Do visit the page- http://www.phishtank.com/contact.php and follow the instructions to report any incorrect phishing page.
Host has been an incredible service provider to my company for years, supporting my VPS solutions. I could not be more impressed with their response time, communication, eagerness to solve problems (and explaining the problem), and overall customer service. Whatever the issue, critical or not, they exceed expectations on response times...often receiving support within just a couple minutes. Highly Recommended!! Thanks for being Incredible! -Israr Ahmad, CTO, ZWave Technologies Pvt. LTD.
Host has built a great reputation in the industry for their shared hosting options. Their VPS solutions, with optional cPanel support, provide a nice and easy introduction to those that are new to VPS hosting and know their needs require more than a typical shared host. Starting at low price points, Host makes transitioning to a VPS plan reasonable and doable. Host’s strongest point comes from their state of the art datacenter. Featuring a fully-redundant network with no single point of failure and multiple bandwidth providers, uptime should almost never be a concern.
Being in education sector it was important for us to have an online platform which can provide complete information about our college. The website needed to be interactive and user friendly and provide an online platform for admissions and registrations. We came across Host.co.in who offered us a complete solution including Domain Registrations, Website Development & Hosting services.
We have moved our site to Host, and the support provided was excellent, we could not have done it without your help. “When comparing the performance-versus-price of VPS plans, Host is a solid value in VPS hosting. In addition to great pricing, they offer premium support and excellent uptime compared to other VPS options in the industry. If you’ve outgrown shared hosting, or need the flexibility and security of a VPS, Host is a great choice for you. We look forward to a long relationship.