eNlight cloud gives you complete control and power to do more as you achieve superior performance on the World’s First Auto-Scalable cloud.
Register for eNlight cloud services by paying a one-time fee of Rs. 100 + GST which will be adjusted against your final cloud package amount once we begin your billing cycle.
Secure Your Website and Web Assets in These Challenging Times with ESDS VTMScan
An online statistic states that $3.92 million is the average amount of a data breach. This is a hefty amount for any business, which puts CTOs and other key business decision-makers always worried about data losses and breaches. To shred off their concerns about such losses to cybersecurity attacks, we have developed VTMScan, a complete web scanning tool. By leveraging VTMScan, CTOs don't need to worry about their website and web applications' security, as VTMScan scans for all forms of online threats and cyberattacks like OWASP Top-10 Vulnerabilities, SQL Injections, Cross-Site Scripting, to name a few. With VTMScan, users get complete protection of their website through a comprehensive audit of the website security.
Open Web Application Security Project (OWASP) is an online community in the field of web application security which releases a list of top 10 vulnerabilities every few years. ESDS VTMScan detects those vulnerabilities and follows the rules laid out by OWASP. We scan for Cross-Site Scripting (XSS), SQL Injection, Insecure Deserialization, Sensitive Data Exposure, Server Sider Request Forgery (SSRF), etc. and report the vulnerabilities and provide recommendations to fix these issues.HTML injections is similar to Cross-Site Scripting (XSS). It allows the attacker to inject the HTML code into the web pages that are viewed by the other users.
Change Monitoring is an important feature provided by ESDS VTMScan. We scan each and every page of the website to detect any changes. Every change is monitored throughout the website along with its percentage with the respective URLs. Here we first create a snapshot of all the web pages and then scan each & every page for changes and report the irregularities found. This feature helps website owners to check whether there are any changes being done on the website without their concern or these are just illegitimate changes. In content change monitoring VTMScan provides the three features viz, Content change monitoring, Image Change Monitoring, Visual change monitoring.
Website defacement check: Website defacement is an attack on a website that changes the visual appearance of the site or a webpage.
Protect your customers and safeguard your website and web application with ESDS VTMScan.
Domain reputation in Google, SURBL, Malware Patrol, Clean-Mx, Phishtank,Sorbs, Spamcop, Abusech, Isc.
ESDS VTMScan checks whether your domain is listed in these databases - Google, SURBL, Malware Patrol, Clean MX, PhishTank,Sorbs,Spamcop,Abusech,Isc.These organizations have their databases that stores IP addresses and domains which are extracted for malware, spamming, phishing activities.Mail server IP Check in 58 RBL repositories:
RBL (Real-time Blackhole Lists) have IP addresses whose owners refuse to stop the growth of spams. RBL lists various server IP addresses from multiple ISPs (Internet Service Providers) whose users are responsible for spams. RBL also lists those ISPs whose servers are hijacked for spam relay. ESDS VTMScan check the mail server IPs in 58 such RBL repositories.
Link crawling is a process of capturing all the webpages (its URLs) present on the website. It helps us understand how many webpages are there in our website and about what are these pages related to. The website owner can also cross-check whether these pages are legitimate or not.ESDS VTMScan does following things:
Banner grabbing is a collection of information related to your websites such as web server information, header information and open ports. Banner grabbing is a technique used to gain information about a computer system on a network and the services running on its open ports. An intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits.ESDS VTMScan checks for following things:
ESDS VTMScan checks for SSL Poodle, BEAST, CRIME, Heartbleed, DROWN,SSL grade check,SSL Certificate check etc.In SSL Check, the following areas are checked:
Local File Inclusion (LFI) is a process where a file or a script is injected on a server through a web browser which allows local directory traversals and characters to be injected if the page is not sanitized. This attack leads to sensitive information disclosure.Remote File Inclusion (RFI):
Remote File Inclusion (RFI) is an attack which looks for vulnerabilities in a web application to include a remote file through a script on the web browser. The perpetrator wants to exploit the functions in an application to upload malware from a different domain.
The new feature of Data Leak has been introduced. Data Leak is unapproved transmission of data from organization to external destination.VTMScan checks whether the data breaching has occurred or not and displays in form of proper list under page source. These are informative alerts provided by VTMScan.
ESDS VTMScan DMARC inspector does the following things-
VTMScan Page content Scan does the following things-
Ans: Yes, VTMScan will also scan subdomains of your website, but you need to mention those subdomains in the additional domain field while you schedule your scan.Q: Can VTMScan schedule website scan as per user time frame?
Ans: Yes, VTMScan can schedule scans as per user time frame so that it won't affect user website during peak time. User will be provided with a custom scan option where he can set his time frame.Q: What is OS Detection in VTMScan?
Ans: OS Detection is one of the striking features of VTMScan. Most of the time website is coded very securely and is very hard to crack so, hackers target website server Operating System. VTMScan predicts your Operating System and lists down vulnerabilities regarding that website.Q: How exactly does VTMScan Ports remotely?
Ans: VTMScan checks for all ports on the server. It finds out all open ports and services/products running on those ports. It checks those products in vulnerability database and alerts if any product is vulnerable.Q:Does VTMScan installs any agents on my website?
Ans: VTMScan does not install any agent. VTMScan also takes care that it sends you harmless requests and payloads which will not affect performance and availability of the user website.Q : What is WAF?
Ans: A web application firewall (WAF) is an appliance, server plugin, or filter that applies a set of rules to an HTTP conversation. Generally, these rules cover common attacks such as cross-site scripting (XSS) and SQL injection. By customizing the rules to your application, many attacks can be identified and blocked. The effort to perform this customization can be significant and needs to be maintained as the application is modified.Q : What is Content Change Monitoring and it's usage?
Ans: Content Change Monitoring compares the current state of your website with the snapshot of your website which was taken by you earlier and informs if any changes are observed on the website.Q : Is Authentication Based Scanning supported by VTMScan?
Ans : Yes, VTMScan supports authentication based scanning viz. htaccess and web based authentication.Q : What do you mean by a CSRF vulnerability?
Ans: Cross-site request forgery, also known as one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.Q : Does VTMScan detects CMS? If Yes, then which types of CMS are detected?
Ans: Yes, CMS is detected in VTMScan. Types of CMS that are detected and scanned are Wordpress, Joomla, vBulletin and Drupal.Q : How do I get my domain off the phishtank blacklist?
Ans: Please visit the following page: http://www.phishtank.com/contact.php and follow the instructions for reporting an incorrect phishing page.
This SLA is applicable to active customers with a valid and active subscription of ESDS VTMScan ServiceService Level Goal
ESDS is a cloud service provider company. Main aim is to provide the most redundant and reliable ESDS VTMScan Service to our clients and we are committed resolve any issues that client may come across with same. ESDS has well trained Support Teams with experience of working on web servers,operating systems, security, various software applications and databases. ESDS will make sure to provide complete management and support to its clients. Under this commitment we can cover resolution of issues raised under following categories as per expertise supported by us.a. Covered Issues:
ESDS will make all technical resources available in order to support their clients. However, it's client's responsibility to attempt to resolve basic issues such as adding websites, alert email addresses, monitoring of websites, fetch the reports, create a snapshot. ESDS reserves right to determine how much support or service level it will provide.
VTMScan offers Content Change Monitoring, a unique feature that notifies the website owners for any website content changes. VTMScan offers an in-depth scanning solution with instant alerts when the threat looms. It is fully compatible across all platforms and content management systems.
VTMScan detects the Top-10 vulnerabilities released by OWASP.
Content Change Monitoring
VTMScan creates time-to-time snapshots of a website. It compares snapshots with the website's current state and informs of any changes observed on the website.
Domain Reputation Check
VTMScan checks whether the domain is listed across various databases like- Google, SURBL, Malware Patrol, Clean MX and PhishTank.
VTMScan scans each and every webpage for GET and POST request for detecting XSS Attacks
SIDBI Says Good Bye to Threat with ESDS VTMScan Security..Read More
Today cybersecurity is an everyday issue for companies trying to...Read More
Before we begin to understand how to clean websites that have been hacked.Read More
The proactive tool to secure your website