RE: Web Site Certification

["Craig Wright" <cwright () bdosyd com au>]

Hello,
No you can not secure a site by scanning, but you can warrant a service.

These services are based on good legal contracts that are generally
accepted without review. Scanalert for instance has the clause "You
agree to maintain your account in a secure way".

Next there is a limitation term; "You agree that ScanAlert's liability
for all causes of actions relating to this agreement and any matters
relating to our delivery of, or your use of the Services shall not
exceed the monies paid to ScanAlert in the 12 months preceding the
proper service of the cause of action."

Basically the service is "best effort" where this is left undefined
other than to be taken to the standards used in CA, US.

If they fail to secure the site, you can bring suit to get a refund.
This is what they offer, it is not an audit service, just a automated
scan service that comes with no express guarantee.

Regards,
Craig

-----Original Message-----
From: Marco Passarella [mailto:mark.keon () gmail com]
Sent: Thursday, 27 April 2006 7:16 PM
To: webappsec () securityfocus com
Subject: Web Site Certification

Hi all,
what do you think about the remote services that promise your site to
be "hacker free"?
Can you really monitor remotely the security of a site using a scanner?
Here is an example:
http://www.scanalert.com/

Thanks,
Mark

------------------------------------------------------------------------
-
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
------------------------------------------------------------------------
--



Liability limited by a scheme approved under Professional Standards Legislation in respect of matters arising within 
those States and Territories of Australia where such legislation exists.

DISCLAIMER
The information contained in this email and any attachments is confidential. If you are not the intended recipient, you 
must not use or disclose the information. If you have received this email in error, please inform us promptly by reply 
email or by telephoning +61 2 9286 5555. Please delete the email and destroy any printed copy. 

Any views expressed in this message are those of the individual sender. You may not rely on this message as advice 
unless it has been electronically signed by a Partner of BDO or it is subsequently confirmed by letter or fax signed by 
a Partner of BDO.

BDO accepts no liability for any damage caused by this email or its attachments due to viruses, interference, 
interception, corruption or unauthorised access.

-------------------------------------------------------------------------
Sponsored by: Watchfire

Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!

https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------