Protection Against All The
Current Threats
- Malware Attacks Scan
- Reputation Check
The Perfect Port In All Future Web Security Storms
- In-Depth Monitoring
- 24/7 Incident Monitoring & Response
WHY CHOOSE VTMScan?
VTMScan delivers an exuberant delivery experience to the users by the means of websites and web applications.
VTMScan helps in securing your online presence at all times.
In web security, it is important to understand what prevention means and VTMScan helps you by providing a deep scanning solution backed by instant alerts. With VTMScan it can’t get simpler and more cost-effective.
Be at comfort when you know you’re protected.
Get assistance with-
- Faster responses
- Proactive and dedicated team
- In-depth scanning
- Through and thorough solution
- Advanced Security
- Best UX
- Advanced Application Protection
Enhance Your Website Security With VTMScan to Protect Your Digital Assets
Search Engine Friendly
Automatic scanning for CMS and an agent-based server-side scanning
Threat Detection
Proactively scanning malware, security threats, infections, botnets, etc.
Keeps the Web Servers Fit
Performing open port scanning for all security threats & checking mail server IP
Website Attacks Prevention
Special defence against all types of exploits, advisory security patches, complete trusted and tested security for websites
Proactive & Flaws Detection
Instant mail alerts and warning alarms for web pages and codes, especially scan reports
Specializes in Quick Detection
Remote web-shell and unexpected file-detection along with CMS specific scanning such as WordPress, Joomla.
| Reputation and Blacklist Monitoring | ||
| Reputation Monitoring | ||
| Blacklist Monitoring | ||
| Basic assessment | ||
| Http security header check | ||
| OS Vulnerability detection | ||
| Banner grabbing | ||
| Standard Malware Detection | ||
| SQL Injection | ||
| Cross Site Scripting | ||
| Malware Detection | ||
| Webpage Defacement Detection | ||
| Insecure Deserialization | ||
| Local File Inclusion | ||
| Remote File Inclusion | ||
| Advanced Malware Detection | ||
| Content Change Monitoring | - | |
| Phishing Page Detection | - | |
| Defined scan time | - | |
| CMS Scan | - | |
| Port Scan | - | |
| SSL Scan | - | |
| URL Monitoring | - | |
| Cross-Site Request Forgery | - | |
| Additional Functionality | ||
| Error reporting including recommendation | ||
| Email Support |
OWASP Top 10:
Open Web Application Security Project (OWASP) refers to an online community that works in the domain of web application security. It releases the list of top-10 vulnerabilities after every few years. VTMScan identifies these vulnerabilities and complies with the rules laid by OWASP. VTMScan scans for Cross-site Scripting, SQL Injections, etc. and report these vulnerabilities along with recommendations to cure these issues.
Content Change Monitoring:
VTMScan provides Content Change Monitoring and is an important feature. It scans every page of the website for detecting if any change has occurred. Every change is observed across the entire website along with the respective percentage in the URLs. Here, a snapshot is generated of all the webpages and then each page is scanned for any modifications and changes. Once this is done, irregularities are reported, if any. This feature is of great benefit for the website owners for checking if any changes are being done on the website without their concern.
Malware Scan
Website defacement refers to an attack on a website that can the visual appearance of a webpage.
- Forced redirected test for injections
- Scanning JavaScript code snippets for generic signatures. Checking for any iframes
- Special algorithm devised for detecting JavaScript Obfuscation. Obfuscation is used for converting vulnerable codes into a format that can’t be read easily
- Checking for third-party links from reputed databases
- Malware monitoring is mostly done for the detection of JavaScript, iframe & Defaced keywords. JavaScript is checked for malicious code. The website is also scanned for any defaced keywords
Phishing
Protecting the customers and safeguarding the website as well as web applications with VTMScan
- Look for similar domains
- URL hijacking and URL hijacking can be analogous to the website address of the victim or can be of the either forms-
- Common misspelling or use of foreign language
- Misspelling such as typographical error
- Swapping letters in the URL
- Using different domain names
- Detection of any Punycode phishing attacks
CMS Scan
- Very less number of scanners are provided in this feature
- Detects CMS tools such as- WordPress, Joomla, Drupal, etc.
- Scanning is done for themes, plugins and unprotected admin area
- Enumerating users
- Use of brute-force for detection of simple passwords
- Scanning of File Path Disclosures or FPDs
- Detecting CMS across all directories
Domain Reputation Check
Domain reputation check done in Google, SURBL, Malware Patrol, Clean-MX and Phishtank
- VTMScan performs checking of the user domain across popular domain databases like- Google, SURBL, Malware Patrol, Clean-MX and Phishtank. These have an in-house database that contains the IP addresses and domains that might be extracted for malware, spamming and other phishing activities
Mail server IP check-in 58 RBL Repositories:
RBL or Real-time Blackhole Lists contain IP addresses of all those owners who’ve declined to stop the growth of spams. RBL lists all such IP address from several ISPs and identifies users who’re responsible for all these spams. RBL can also form the list of all ISPs whose servers have been hijacked for serving the purpose of spam relay. VTMScan performs checking of mail server IPs in 58 RBL repositories.
Robust Link Crawling
Link crawling refers to a process of capturing all the URLs of a website. It can be useful for VTMScan to understand how many webpages are existing at a given time instance on websites and what are all these webpages relating to. The website owner can perform cross-checking of his webpages to identify whether they are legitimate or not.
VTMScan performs following tasks under link crawling-
- Crawling links from various sources such as- web pages, robots.txt, iframes, hacker’s favorite search engines, directory indexes, and directory traversals.
- Checking admin and directory busters.
- Checking the directory access
Banner Grabbing
Banner grabbing refers to collecting information related to the user website such as- web server information, header info as well as open ports. Banner grabbing is a technique that is used for gaining information regarding a computer system over a network and the associated services that are running on its open ports. Any intruder can use the banner grabbing for finding network hosts running different versions of applications and OS by using the most-known exploits.
VTMScan performs checks for following-
- Scanning of ports
- Detecting operating systems
- Detection of Web Application Firewall (WAF)
SSL Scan
VTMScan validates checking for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN, etc.
Under SSL Check, the following checks are performed by VTMScan-
- NULL Cipher used or is less than 128 bits
- Domain is using an invalid security certificate
- Domain is using an expired security certificate
- Domain using security that is going to expire by the end-of-day
LFI & RFI Detection
Local File Intrusion (LFI):
Local File Intrusion refers to a process where the file or a script has been injected on a server using a web browser, allowing traversals in local directories to be injected in case the page is not ‘sanitized’. This attack can give rise to the disclosure of user-sensitive information.
Remote File Inclusion (RFI):
Remote File Intrusion depicts an attack that can explore for vulnerabilities in a web application for including a remote file using a script on the web browser. The intruder might want to exploit the functionalities in an application for uploading malware from different domains.
A: Yes, VTMScan performs scanning for subdomains of your website, but you need to provide the subdomains in the additional domain field when you schedule your scan.
Q: Can VTMScan schedule a website scan as per the user time frame?A: Yes, VTMScan can schedule scans as per the user time frame, thereby not affecting the user website during the crucial and peak times. Users are also provided with a custom scan option where the user can himself set the time frame as per his needs.
Q: What is OS Detection in VTMScan?A: OS Detection is one of the significant and key features that VTMScan possesses. Most of the time website is coded very securely and becomes very hard to crack. So, the online hackers target the website server’s Operating System. VTMScan predicts the Operating System that you’re using and provides you with vulnerabilities regarding your website.
Q: How exactly does VTMScan Ports remotely?A: VTMScan evaluates all ports on the server. It then determines all the open ports along with services/products that are running on these ports. It verifies those products in the vulnerability database and reverts with alerts in case any product is vulnerable.
Q: Does VTMScan install any agents on my website?A : No, VTMScan does not install any agent. VTMScan takes care that it sends you harmless requests and payloads that are not going to affect the performance and availability of your website.
Q : What is WAF?A : A web application firewall (WAF) refers to an application, server plugin or filter that uses a set of rules for an HTTP conversion. Usually, these rules comprise of common attacks like- cross-site scripting (XSS) and SQL injections. By modifying these rules to the user application, several attacks can be identified and blocked. The effort is to perform customization that is significant and has to be maintained as the application has been modified.
Q : What is Content Change Monitoring and it's usage?A : Content Change Monitoring is an essential feature of VTMScan that compares the state of your user website with a snapshot of the user website that was previously taken by the user. It informs the user if any changes are observed on the website.
Q : Is Authentication Based Scanning supported by VTMScan?A : Yes, VTMScan does support authentication-based scanning using htaccess and web-based authentication.
Q : What do you mean by a CSRF vulnerability?A : CSRF or cross-site request forgery is a one-click attack or session and a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Cross-site scripting exploits the trust of a user on a site, however, CSRF exploits the trust of a website on a user’s browser.
Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?A : Yes, CMS is detected in VTMScan. The types of CMS that are detected and scanned in VTMScan include- WordPress, Joomla, vBulletin and Drupal.
Q : How do I get my domain off the phishtank blacklist?A : Do visit the page- http://www.phishtank.com/contact.php and follow the instructions to report any incorrect phishing page.
