WebApp Sec mailing list archives
RE: Web Site Certification
From: "Craig Wright" <cwright () bdosyd com au>
Date: Fri, 28 Apr 2006 07:20:50 +1000
Hello,

No, you cannot secure a site by scanning, but you can warrant a service. These services are based on good legal contracts that are generally accepted without review. ScanAlert, for instance, has the clause "You agree to maintain your account in a secure way".

Next there is a limitation term: "You agree that ScanAlert's liability for all causes of actions relating to this agreement and any matters relating to our delivery of, or your use of the Services shall not exceed the monies paid to ScanAlert in the 12 months preceding the proper service of the cause of action."

Basically the service is "best effort", where this is left undefined other than to be taken to the standards used in CA, US. If they fail to secure the site, you can bring suit to get a refund. This is what they offer; it is not an audit service, just an automated scan service that comes with no express guarantee.

Regards,
Craig

-----Original Message-----
From: Marco Passarella [mailto:mark.keon () gmail com]
Sent: Thursday, 27 April 2006 7:16 PM
To: webappsec () securityfocus com
Subject: Web Site Certification

Hi all,

What do you think about the remote services that promise your site to be "hacker free"? Can you really monitor remotely the security of a site using a scanner? Here is an example: http://www.scanalert.com/

Thanks,
Mark
Current thread:
- Web Site Certification Marco Passarella (Apr 27)
- Re: Web Site Certification Dean H. Saxe (Apr 27)
- Re: Web Site Certification Nathaniel Hall (Apr 27)
- <Possible follow-ups>
- RE: Web Site Certification Craig Wright (Apr 27)
- RE: Web Site Certification Craig Wright (Apr 27)
- RE: Web Site Certification Adam Mikrut (Apr 27)
- Re: Web Site Certification Adam Tuliper (Apr 28)
- Re: Web Site Certification Admin Dbtech (Apr 27)
- Re: Web Site Certification ROB DIXON (Apr 27)
- RE: Web Site Certification ROB DIXON (May 01)