eEye Retina Web Security Scanner Overview:
Conduct rapid and accurate scans. Minimize web-based
risk exposure.
The Retina Web Security Scanner is a best-in-class
web scanning solution that rapidly and accurately scans
large, complex web sites and web applications to tackle
web-based vulnerabilities. The addition of this new
product gives customers a complete picture of the performance
and security status of deployed web applications plus
on-demand inventory and diagnostic capabilities, ensuring
privacy and compliance. Retina Web Security Scanner
identifies application vulnerabilities as well as site
exposure risk, ranks threat priority, produces highly
graphical, intuitive HTML reports, and indicates site
security posture by vulnerabilities and threat level.
The Retina Web Security Scanner extends eEye’s growing
integrated threat management security suite and leverages
eEye’s advanced security intelligence capabilities,
developed from years of product development, security
research and professional services engagements. Using
Retina Web Security Scanner and Retina Network Security
Scanner in tandem, eEye customers now have a powerful
multi-layered scanning approach.
With the addition of eEye’s centralized management
and reporting console, REM, security administrators
have a unified solution that consolidates security information
into one dynamic repository. REM facilitates data analysis
and benefits administrators by eliminating information
overload and automating previously time-consuming tasks.
Users are able to install the Retina Web Security Scanner
on the same servers that currently run Retina Network
Security Scanner, significantly reducing installation
and maintenance costs.
Using signature-based checks for known vulnerabilities
is not useful in the web application space because almost
all web applications are different. Instead of attempting
a check the same way every time, Retina Web Security
Scanner determines the best way to evaluate an application
for vulnerabilities like input validation, poor coding
practices, weak configuration management and more. By
attempting context-sensitive vulnerability checking,
Retina Web Security Scanner can offer complete assessment
coverage with outstanding accuracy.
Since all vulnerabilities are not created equal,
Retina Web Security Scanner employs advanced intelligence
engines to make sure the right priorities are communicated
to you. By analyzing the content, structure and nature
of each vulnerability, the solution can keep you focused
on the real threats. From files/resources discovered
to source code to scripts, comments, and directory contents,
the automated reports will intelligently analyze all
of Retina Web Security Scanner's findings to ensure
you see the real threats.
In addition to assessing application vulnerabilities,
Retina Web Security Scanner performs an advanced site
analysis on your site structure, content and configuration
to identify inherent exposure to future or emerging
threats. This can be critical in determining security
requirements and site architecture planning to mitigate
future threats. Exposure is communicated via a security
posture rating and qualitative analysis of findings,
including a complete catalog of all site resources and
their attributes (e.g. forms, cookies, scripts, SQL
strings and ODBC connectors, authentication, applets/objects,
hidden fields, etc.).
Retina Web Security Scanner is the easiest to deploy,
easiest to manage and most accurate web application
vulnerability scanner available. With industry leading
reports and the most flexible data reporting possible,
Retina Web Security Scanner provides you with the capability
to communicate risk throughout your organization and
secure your network. Combined with Retina Network Security
Scanner and REM, Retina Web Security Scanner customers
are now able to extend their network vulnerability assessment
best practices to include their growing portfolio of
web applications and web sites.
Fast Facts:
|
- Accurately indentifies all
application links
- Scanning technology safe
for all production environments
- Fully automated scanner
with no user interaction required
after scan initiation
|
- Results in .xml or database
format
- Vulnerabilities consolidated
to facilitate remediation
- Reports allow vulnerability
recreation with Validate button
|
|
Top Rated Security for Your Web Applications:
Retina Web Security Scanner is a proven solution
designed to meet the stringent requrements of today's
security professionals. Retina's industry-leading web
security scanning technology gives users the tool required
to both identify and remediate vulnerabilities in their
web applications. Retina Web Security Scanner enables
users to secure their networks by:
Comprehensively assessing web applications
using contextual analysis
There are thousands of known exploits based on the
configurations of specific web applications. Trying
to test web sites by repeating these attacks is
insufficient as successful attacks are unique to
each application. Retina Web Security Scanner analyzes
every link in every web site and every parameter
in every query.It then creates custom attacks that
are designed to try to test weaknesses in the site.
These attacks can run to the tens or hundreds of
thousands based on the construction of the application.
Fully Automating the Assessment Process
The Retina Web Security Scanner has manual options
but no manual requirements. Retina has fully automated
authentication, with no requirement for users to
script logins. In addition, the solution has fully
automated false positive suppression, with no requirements
for users to train the tool.
Leveraging industry-leading heuristics to
increase accuracy
Retina Web Security Scanner's advanced heuristics
make the solution the most accurate web application
scanner in the industry and gives security teams
the confidence that their applications will be secure.
Consolidating Results to Increase Remediation
Efficiency
Merely knowing that a vulnerability exists is only
the first step. Retina Web Security Scanner consolidates
vulnerability data by root cause to reduce the number
of tickets assigned to development teams, saving
time and money.
Allowing Users to Quickly Validate Results
Web application attacks can be complex and difficult
to reproduce. Retina Web Security Scanner reports
include a Validate button to replay attacks so that
security teams and developers can see vulnerabilities
in real time. Once vulnerabilities are remediated,
users can see that the attack is no longer effective.
Retina Web Security Scanner is the perfect solution
for identifying and remediating vulnerabilities in your
web applications today. The Retina Web Security Scanner
found 8 to 19 times more vulnerabilities than two of
its primary competitors when scanning web applications.
With eEye, organizations will find they have better
control over the security of their web applications
and a reduced risk of data loss. Contact eEye today
and put the security concerns of your web applications
to rest.
Features and Benefits:
Threat Analysis - Retina Web Security Scanner
doesn't just detail a list of vulnerabilities; it helps
security teams understand the architecture of their
sites. Where are they receiving data? Where are they
sending data? What links could be vulnerable and need
special attention?
Group Specific Reports - Retina Web Security
Scanner includes reports that contain only the vulnerabilities
to be fixed by specific groups (server, developers and
database). This simplifies remediation efforts by allowing
security teams to easily assign vulnerabilities to the
personnel responsible for fixing them.
Interactive Site Mapping - Retina Web Security
Scanner includes interactive site maps that allow security
teams and developers to look at a graphic representation
of their site and the location of any vulnerabilities.
Privacy Reporting - Retina Web Security Scanner
includes privacy reports that enable enterprises to
determine if web applications are complying with privacy
and data security policies.
Remediation Estimates - Retina Web Security
Scanner includes time and cost estimates for remediating
all discovered vulnerabilities to expedite budgeting.
Web services support - Retina Web Security
Scanner has support for testing SOAP packets including
the ability to identify and automatically parse WSDLs.