Web App Scanning

The Dell SecureWorks Web Application Scanning service leverages QualysGuard Web application scanning technology to help you assess the security of your Web applications and identify flaws that could threaten your online presence or the confidentiality of your information. This service, delivered on demand, provides automated, self-service vulnerability scanning of internal and external Web-based applications to help you safeguard sensitive data and satisfy regulatory requirements.

The Web Application Scanning service:

Identifies and prioritizes vulnerabilities in Web applications
Dell SecureWorks understands the challenges with finding and assessing all of a Web application's functions - including browser and server interactions. To ensure the entire Web application is assessed, Dell SecureWorks Web Application Scanning service provides automated link crawling and testing to identify vulnerabilities, including those in the OWASP Top 10 Web application security and WASC Threat Classification security risks. These include critical and widespread vulnerabilities such as SQL Injection and Cross-site scripting.

Satisfies regulatory mandates for Web application security
Increasingly, compliance mandates demand much higher levels of organizational vigilance and professional attestation. According to the Web Application Security Consortium, "99 percent of Web applications are not compliant with PCI DSS standard." Unpatched vulnerabilities in both commercial and customer applications provide a doorway to your network and backend data and applications, putting your organization at significant risk of noncompliance with regulatory mandates. Dell SecureWorks Web Application Scanning shores up weaknesses in your web application infrastructure, bolsters your organizations' defenses and facilitates alignment with regulatory compliance mandates.

Protects sensitive data
Unpatched vulnerabilities in both commercial and proprietary applications can provide a doorway to your network and backend data and applications, enabling cyber criminals to steal and manipulate sensitive information. Dell SecureWorks understands the necessity to maintain a secure and reasonable balance between safeguarding both personal data and corporate intellectual property and making other data available to maintain business agility. By helping you shore up weaknesses in your web application infrastructure, Dell SecureWorks facilitates not only bolstering your organizations' defenses and proving compliance but also preempting internet data privacy and data leakage issues.

Lowers total cost of operations by reducing administrative overhead and automating repeatable testing processes
The Dell SecureWorks Web Application Scanning service enables you to extend your security team and reduce in-house responsibility for shoring up Web Application weaknesses. The service reduces administrative overhead by providing operational support such as configuring the technology, scheduling scans, expert review of results and manual validation of findings.

The Web Application Scanning service provides the following features:

• Comprehensive Web application scanning
• Dedicated WAS dashboard and access to our Vulnerability Management Services team
• Detects sensitive content in HTML (such as Credit Card number, SSNs and custom strings)
• Finds OWASP Top 10 and WASC Threat Classification security risk
• Supports dynamic and rich UI technologies, including JavaScript & Flash
• Tests all entry/attack points, including cookies, referrer, URL parameters, form fields and directories
• Management workflows to guide assessment activities
• Provides performance tuning and scheduling options
• Supports blacklisting and whitelisting of IPs and URLs
• Profiles Web applications to reduce false positives
• Catalogs and tracks status of scanned applications

Other Dell SecureWorks Web security services

Dell SecureWorks Web Application Scanning is part of our portfolio of Web security services.  Other services include:

• Web Application Firewall
• Security Monitoring
• Source Code Audit
• PCI Scanning