{"id":10222,"date":"2018-06-25T09:01:47","date_gmt":"2018-06-25T09:01:47","guid":{"rendered":"http:\/\/www.esds.co.in\/blog\/?p=10222"},"modified":"2020-01-21T06:06:40","modified_gmt":"2020-01-21T06:06:40","slug":"features-of-esds-vtmscan-scanner","status":"publish","type":"post","link":"https:\/\/www.esds.co.in\/blog\/features-of-esds-vtmscan-scanner\/","title":{"rendered":"Features of ESDS VTMScan Scanner"},"content":{"rendered":"\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"454\" src=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/mtv_new-1-1024x454.png\" alt=\"\" class=\"wp-image-10333\" srcset=\"https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/mtv_new-1-1024x454.png 1024w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/mtv_new-1-150x67.png 150w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/mtv_new-1-300x133.png 300w, https:\/\/www.esds.co.in\/blog\/wp-content\/uploads\/2019\/05\/mtv_new-1-660x293.png 660w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\" \/><\/figure><\/div>\n\n\n\n<p><p style=\"text-align: justify;\">Website security is important regardless the size of business. \nEntrepreneurs think that their website does not have any important or \nvaluable content for hackers to hack but that is not the truth. 
Hackers \nuse automated bots to crawl websites and steal data and \nsensitive information, and do not discriminate by the size of the \nbusiness or website.<\/p><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Let\u2019s have a look at the risk factors if you do not keep your website secure from cybercriminals:<\/p><\/p>\n\n\n\n<ol class=\"wp-block-list\"><li>DDoS Attacks \u2013 Sends traffic to overwhelm the systems<\/li><li>Inside Attacks \u2013 A person from inside the organization misusing the information<\/li><li>Malware \u2013 Designed to harm a system<\/li><li>Password Attacks \u2013 Hacking passwords for important portals or profiles<\/li><li>Injection \u2013 Defacement of website<\/li><li>Spam \u2013 Emails and scams<\/li><li>Phishing \u2013 Extracting sensitive information through luring<\/li><li>Interception \u2013 Obtaining credit and debit card information<\/li><\/ol>\n\n\n\n<p><p style=\"text-align: justify;\">When you have a trustworthy website security scanner like ESDS VTMScan,\n you don\u2019t need to worry about the threats and vulnerabilities in your \nwebsite. These are the features provided by ESDS VTMScan:<\/p><\/p>\n\n\n\n<ul><li>\n<strong>Domain reputation in Google, SURBL, Malware Patrol, Clean-Mx, Phishtank:<\/strong>\n<p style=\"text-align: justify;\">You can check if your domain is listed on various databases like \nGoogle, Malware Patrol, Clean-Mx and Phishtank. These databases store \nand organize IP addresses involved in malware, spamming and phishing \nactivities.<\/li><li><\/p><\/p>\n<strong>Mail server IP Check in 58 RBL repositories:<\/strong>\nRBL lists IP addresses whose owners refuse to stop the growth of \nspam. RBL lists various server IP addresses from multiple ISPs whose \nusers are responsible for spam. 
RBL also lists those ISPs whose servers\n are hijacked for spam relay.<\/li><li>\n<strong>Scan SQL Injections for MySQL, MSSQL, PGSQL, Oracle databases<\/strong>\n<p style=\"text-align: justify;\">SQL (Structured Query Language) injection is a technique that exploits \npoorly filtered or incorrectly escaped SQL queries and \npermits anyone to build a well-crafted URL to pull \ndown names, credit card numbers and other sensitive information.<\/li><li><\/p>\n<strong>Scans Local file injections (LFI):<\/strong>\n<p style=\"text-align: justify;\">Local File Injection (LFI) is a process where a file or a script is \ninjected on a server through a web browser. If the page is not sanitized, \ndirectory traversal characters can be injected, which \nalso leads to information disclosure.<\/li><li><\/p>\n<strong>Scan Remote file inclusion (RFI):<\/strong>\n<p style=\"text-align: justify;\">Remote File Inclusion (RFI) is an attack which looks for \nvulnerabilities in a web application to include a remote file through a \nscript on the web browser. The perpetrator wants to exploit the \nfunctions in an application to upload malware from a different domain.<\/li><li><\/p>\n<strong>Scan XSS \u2013 Cross Site Scripting<\/strong>:\n<p style=\"text-align: justify;\">Cross Site Scripting (XSS) refers to a client-side code injection \nattack wherein the attacker is able to execute malicious code (also \nknown as payloads) in a website or a web application. This is one of the\n most widespread web application vulnerabilities. ESDS VTMScan detects forms on \nthe web pages and scans GET and POST requests.<\/li><li><\/p>\n<strong>Scan Malware<\/strong>:\n<p style=\"text-align: justify;\">Website Defacement Check \u2013 Website Defacement is an attack on the \nwebsite that changes the visual appearance of the website or the \nwebpage. 
<a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>ESDS VTMScan scans JavaScript code for dangerous functions like<\/strong><\/a> \neval, base64_decode, char etc., through a special algorithm developed to \ndetect JavaScript complications. Malware monitoring focuses on detection\n of JavaScript, iFrame &amp; Defaced Keywords.<\/li><li><\/p>\n<strong>Detect and Scan CMS<\/strong>\n<p style=\"text-align: justify;\">Very few scanners detect and scan CMSs like WordPress, Joomla, Drupal \nand vBulletin. ESDS VTMScan scans themes, plug-ins and unprotected admin \nareas.<\/li><li><\/p>\n<strong>Open Port Application Vulnerability detection:<\/strong>\n<p style=\"text-align: justify;\">An open port will leave your network exposed to malicious attacks by \nhackers, which will lead to your network being compromised by worms and \nTrojans. ESDS VTMScan detects and displays all the open ports across every \nasset in the network.<\/li><li><\/p>\n<strong>Directory Scanning:<\/strong>\n<p style=\"text-align: justify;\">The Directory Scanner allows you to scan a particular directory on the web server for files containing XML messages.<\/li><li><\/p>\n<strong>Detect open sensitive \/ admin area of the site:<\/strong>\n<p style=\"text-align: justify;\">Scans various sensitive areas of a website which not every individual is authorized to access, e.g. the admin login page.<\/li><li><\/p>\n<strong>Scan for Directory Indexing:<\/strong>\n<p style=\"text-align: justify;\">When a specific web request is made on a website by a user, the web \nserver searches the root directory for that particular request (page) \nand if it is not able to find the page, the server will issue a\n directory listing. 
This process discloses contents which are not intended\n for a user and eventually leads to further attacks on a system.<\/li><li><\/p>\n<strong>Scan Full Path disclosure in the pages:<\/strong>\n<p style=\"text-align: justify;\">A Full Path Disclosure vulnerability enables the attacker to see the \npath of the webroot\/file using the load_file query to view page source. \nThis allows the attacker to access each and every file they wish to \nsee.<\/li><li><\/p>\n<strong>Scan Password auto complete enabled fields:<\/strong>\n<p style=\"text-align: justify;\">Many times users provide usernames and passwords on a login form of a\n website and the default behavior for browsers is to store these \ncredentials in the browser itself. This makes it very easy for \nhackers to steal the saved usernames and passwords.<\/li><li><\/p>\n<strong>Information disclosure:<\/strong>\n<p style=\"text-align: justify;\">This feature checks for email addresses and IP addresses in the page.<\/li><li><\/p>\n<strong>ViewState decoder:<\/strong>\n<p style=\"text-align: justify;\">It detects and tries to decode viewstates. ViewState Decoder debugs \nHTTP API to see what is going in\/out of your website or application.<\/li><li><\/p>\n<strong>Scan password submission method:<\/strong>\n<p style=\"text-align: justify;\">Password submission method scans for those password forms which are \nin plain text and can be easily captured by sniffer utilities.<\/li><li><\/p>\n<strong>Authenticated area scanning:<\/strong>\n<p style=\"text-align: justify;\">An authenticated area scan is a vulnerability test which determines \nhow secure a network is from an inside point of view and scans \nrestricted areas like admin panels.<\/li><li><\/p>\n<strong>Reports<\/strong>\n<p style=\"text-align: justify;\">Users are mainly provided with two types of reports, viz. Scan Report \nand Domain Performance Report. Scan Report shows scan details of \nindividual domains and the number of vulnerable links found. 
Domain \nPerformance Report shows various performance metrics of individual \ndomains. Users can get these reports by email and can check detailed \nreports in the control panel.<\/li><li><\/p>\n<strong>Robust Link Crawler:<\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan is the key to an efficient and comprehensive crawl which follows\n a path from various web pages, directory indexes, directory traversals,\n etc.<\/li><li><\/p>\n<strong>SSL Certificate checking:<\/strong>\n<p style=\"text-align: justify;\">Easily scan an HTTPS site and verify the SSL certificate on your web server to check if it is correctly installed, valid and trusted.<\/li><li><\/p>\n<strong>Backdoor WebShell Locator (Client Side \u2013 Unique Feature):<\/strong>\n<p style=\"text-align: justify;\">Backdoor WebShell Locator scans for shells like php\/cgi \n(perl)\/asp\/aspx in commonly injected locations with their usual file \nnames.<\/li><li><\/p>\n<strong>WebShell Finder:<\/strong>\n<p style=\"text-align: justify;\">WebShell Finder allows you to scan each and every web page for a \nkeyword of your choice so it can detect a webshell even if it is \nrenamed.<\/li><li><\/p>\n<strong>Reverse IP domain check:<\/strong>\n<p style=\"text-align: justify;\">When you have a scanning domain hosted on a particular server, you \nare able to find all other domains on the same server for blacklist.<\/li><li><\/p>\n<strong>Deep Application Testing<\/strong>:\n<p style=\"text-align: justify;\">Our Deep Application Testing crawls your website for all the URLs, \nwhich are scanned thoroughly to ensure your network and applications are\n secure.<\/li><li><\/p>\n<strong>OWASP Top 10:<\/strong>\n<p style=\"text-align: justify;\">Open Web Application Security Project (OWASP) is an online community \nin the field of web application security which releases a list of top 10\n vulnerabilities every year. The last time they released the list was \nback in 2017. 
ESDS VTMScan detects each of those vulnerabilities and follows \nthe rules laid out by OWASP.<\/li><li><\/p>\n<strong>Botnet Monitoring:<\/strong>\n<p style=\"text-align: justify;\">Botnet Monitoring deals with the detection of malicious code within JavaScript files and also scans undetectable Java Code.<\/li><li><\/p>\n<strong>Defaced Keyword Monitoring:<\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan proactively spots security issues on your website before \nunauthorized hacking occurs. A defaced web page can cause severe damage \nto your business but early identification helps you secure it.<\/li><li><\/p>\n<strong>Content Change Monitoring:<\/strong>\n<p style=\"text-align: justify;\">Your entire website is scanned for any changes in the content: \nESDS VTMScan creates a snapshot of the website and provides reports. Every \nchange is monitored throughout the website along with the percentage of \nchange for the respective URLs.<\/li><li><\/p>\n<strong>Schedule based Scan:<\/strong>\n<p style=\"text-align: justify;\">Users are able to set scan schedules on a daily, weekly or monthly basis according to their requirements.<\/li><li><\/p>\n<strong>SSL Check: <\/strong><strong>In SSL Check, the following areas are checked:<\/strong>\n<p style=\"text-align: justify;\">In SSL check, ESDS VTMScan examines if the domain uses an invalid or \nexpired certificate and checks if a NULL cipher or a cipher of less than 128\n bits is used.<\/li><li><\/p>\n<strong>Managed by Security Experts:<\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan has been developed &amp; managed by security experts who have a combined experience of over 5 years.<\/li><li><\/p>\n<strong>ESDS VTMScan Scanner Dashboard<\/strong>:\n<p style=\"text-align: justify;\">ESDS VTMScan provides an easy-to-use dashboard which lets you perform functions like domain additions, examining reports etc.<\/li><li><\/p>\n<strong>Manual Scan:<\/strong>\n<p style=\"text-align: justify;\">Our security experts 
manually scan your website to detect \nvulnerabilities, which can take about 4-5 days depending on the size of \nyour website.<\/li><li><\/p>\n<strong>WAF Detection: <\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan checks if you have installed a Web Application Firewall (WAF) on your webserver.<\/li><li><\/p>\n<strong>CSRF Detection:<\/strong>\n<p style=\"text-align: justify;\">Cross Site Request Forgery (CSRF) is a vulnerability which comes with\n Cross Site Scripting (XSS) and allows the hacker to transmit malicious \ncommands to another user\u2019s machine while browsing the same site.<\/li><li><\/p>\n<strong>ClickJack Protection Check:<\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan checks if a particular webpage is protected against \nClickjacking. Clickjacking is an exploit in which malicious code is \nhidden beneath apparently legitimate buttons or other clickable content \non a website.<\/li><li><\/p>\n<strong>Page Source Scan:<\/strong>\n<p style=\"text-align: justify;\">The main purpose of Page Source Scan is to inspect each webpage and \nfind critical information or malware. 
This scan also checks for shell\n files and incomplete password fields in case there is a chance of \ninformation leakage and disclosure.<\/li><li><\/p>\n<strong>OS Detection:<\/strong>\n<p style=\"text-align: justify;\">ESDS VTMScan lists all the vulnerabilities present in a particular \nversion of an operating system and also detects the operating system and \nthe versions installed on the webserver.<\/li><li><\/p>\n<strong>DNS Misconfiguration:<\/strong>\n<p style=\"text-align: justify;\">Misconfigured DNS may lead to critical information disclosure, like \nlists of subdomains and other important IP addresses; thus, all the DNS \nsettings are checked to see if they are properly configured.<\/li><\/ul><\/p>\n\n\n\n<p><p style=\"text-align: justify;\">Making use of a website security scanner like <a href=\"https:\/\/esds.co.in\/security\/vtmscan\"><strong>ESDS VTMScan<\/strong><\/a> will take care \nof all the potential threats your website faces. There are about 100 \nvulnerabilities which ESDS VTMScan detects.<\/p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Website security is important regardless the size of business. Entrepreneurs think that their website does not have any important or valuable content for hackers to hack but that is not the truth. 
Hackers make use of automated bots to crawl in a website to steal data and sensitive information as they do not discriminate in&#8230; <\/p>\n<div class=\"clear\"><\/div>\n<p><a href=\"https:\/\/www.esds.co.in\/blog\/features-of-esds-vtmscan-scanner\/\" class=\"gdlr-button small excerpt-read-more\">Read More<\/a><\/p>\n","protected":false},"author":44,"featured_media":10333,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1271],"tags":[1913,511,1195,1965],"class_list":["post-10222","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-security-2","tag-malware-scanner","tag-security","tag-website-security","tag-website-security-features"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10222","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/users\/44"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/comments?post=10222"}],"version-history":[{"count":3,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10222\/revisions"}],"predecessor-version":[{"id":11148,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/posts\/10222\/revisions\/11148"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media\/10333"}],"wp:attachment":[{"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/media?parent=10222"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.es
ds.co.in\/blog\/wp-json\/wp\/v2\/categories?post=10222"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esds.co.in\/blog\/wp-json\/wp\/v2\/tags?post=10222"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}