eEye Retina Web Security Scanner Overview:

Conduct rapid and accurate scans. Minimize web-based risk exposure.

Hackers are increasingly targeting web applications with Gartner estimating that 70% of attacks against websites are coming at the application layer. Enterprises have increasingly leveraged web applications as the interface of choice to access databases that contain mission critical business data as well as confidential customer information such as credit card and social security numbers.

The Retina Web Security Scanner is a best-in-class web scanning solution that rapidly and accurately scans large, complex web sites and web applications to tackle web-based vulnerabilities. The addition of this new product gives customers a complete picture of the performance and security status of deployed web applications plus on-demand inventory and diagnostic capabilities, ensuring privacy and compliance. Retina Web Security Scanner identifies application vulnerabilities as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat level.

The Retina Web Security Scanner extends eEye’s growing integrated threat management security suite and leverages eEye’s advanced security intelligence capabilities, developed from years of product development, security research and professional services engagements. Using Retina Web Security Scanner and Retina Network Security Scanner in tandem, eEye customers now have a powerful multi-layered scanning approach.

With the addition of eEye’s centralized management and reporting console, REM, security administrators have a unified solution that consolidates security information into one dynamic repository. REM facilitates data analysis and benefits administrators by eliminating information overload and automating previously time-consuming tasks. Users are able to install the Retina Web Security Scanner on the same servers that currently run Retina Network Security Scanner, significantly reducing installation and maintenance costs.

Using signature-based checks for known vulnerabilities is not useful in the web application space because almost all web applications are different. Instead of attempting a check the same way every time, Retina Web Security Scanner determines the best way to evaluate an application for vulnerabilities like input validation, poor coding practices, weak configuration management and more. By attempting context-sensitive vulnerability checking, Retina Web Security Scanner can offer complete assessment coverage with outstanding accuracy.

Since all vulnerabilities are not created equal, Retina Web Security Scanner employs advanced intelligence engines to make sure the right priorities are communicated to you. By analyzing the content, structure and nature of each vulnerability, the solution can keep you focused on the real threats. From files/resources discovered to source code to scripts, comments, and directory contents, the automated reports will intelligently analyze all of Retina Web Security Scanner's findings to ensure you see the real threats.

In addition to assessing application vulnerabilities, Retina Web Security Scanner performs an advanced site analysis on your site structure, content and configuration to identify inherent exposure to future or emerging threats. This can be critical in determining security requirements and site architecture planning to mitigate future threats. Exposure is communicated via a security posture rating and qualitative analysis of findings, including a complete catalog of all site resources and their attributes (e.g. forms, cookies, scripts, SQL strings and ODBC connectors, authentication, applets/objects, hidden fields, etc.).

Retina Web Security Scanner is the easiest to deploy, easiest to manage and most accurate web application vulnerability scanner available. With industry leading reports and the most flexible data reporting possible, Retina Web Security Scanner provides you with the capability to communicate risk throughout your organization and secure your network. Combined with Retina Network Security Scanner and REM, Retina Web Security Scanner customers are now able to extend their network vulnerability assessment best practices to include their growing portfolio of web applications and web sites.

Top Rated Security for Your Web Applications:

Retina Web Security Scanner is a proven solution designed to meet the stringent requrements of today's security professionals. Retina's industry-leading web security scanning technology gives users the tool required to both identify and remediate vulnerabilities in their web applications. Retina Web Security Scanner enables users to secure their networks by:

Comprehensively assessing web applications using contextual analysis
There are thousands of known exploits based on the configurations of specific web applications. Trying to test web sites by repeating these attacks is insufficient as successful attacks are unique to each application. Retina Web Security Scanner analyzes every link in every web site and every parameter in every query.It then creates custom attacks that are designed to try to test weaknesses in the site. These attacks can run to the tens or hundreds of thousands based on the construction of the application.

Fully Automating the Assessment Process
The Retina Web Security Scanner has manual options but no manual requirements. Retina has fully automated authentication, with no requirement for users to script logins. In addition, the solution has fully automated false positive suppression, with no requirements for users to train the tool.

Leveraging industry-leading heuristics to increase accuracy
Retina Web Security Scanner's advanced heuristics make the solution the most accurate web application scanner in the industry and gives security teams the confidence that their applications will be secure.

Consolidating Results to Increase Remediation Efficiency
Merely knowing that a vulnerability exists is only the first step. Retina Web Security Scanner consolidates vulnerability data by root cause to reduce the number of tickets assigned to development teams, saving time and money.

Allowing Users to Quickly Validate Results
Web application attacks can be complex and difficult to reproduce. Retina Web Security Scanner reports include a Validate button to replay attacks so that security teams and developers can see vulnerabilities in real time. Once vulnerabilities are remediated, users can see that the attack is no longer effective.

Retina Web Security Scanner is the perfect solution for identifying and remediating vulnerabilities in your web applications today. The Retina Web Security Scanner found 8 to 19 times more vulnerabilities than two of its primary competitors when scanning web applications. With eEye, organizations will find they have better control over the security of their web applications and a reduced risk of data loss. Contact eEye today and put the security concerns of your web applications to rest.

Features and Benefits:

1. “Accuracy, Accuracy, Accuracy”
In real estate, there are only three important things to consider: location, location, location. In Web application scanning, they are: accuracy, accuracy, and accuracy. scan a website

• False negatives leave enterprises exposed to vulnerabilities that can result in loss of confidential data
• False positives destroy the credibility of the security team and can cripple an application security program

2. Fully Automated Solution
Security teams do not have the time to teach tools how to scan a website

• In web application scanning you are only given the home page and then required to crawl the rest of the site unlike network scanning where you know the problem space ahead of time (an IP/Port range)
• If you don’t crawl a page, you can’t test it
• Competing tools require significant manual effort to function: “In order to achieve good results, web application scanners should be used in conjunction with manual security assessment, which requires close acquaintance with the web application and its different functionalities. “ Ory Segal, Watchfire Director of Research

3. Retina Web Reports Help you Solve the Problem
Finding Vulnerabilities is only the first step; fixing them is the goal:

• Web application attacks are polymorphic; they can be made in a number of ways
• A single coding error can create hundreds or thousands of vulnerabilities
• Retina Web Reports group vulnerabilities by their root cause, speeding remediation
• All HTML Retina Web Reports allow developers and security teams to validate vulnerabilities by replaying them against the website – no more arguing whether something is vulnerable or how to replicate it With recent advances in hacking techniques, hackers are using websites to attack users, installing malware like keystroke loggers and rootkits.

4. Proactively Guard Against Application Flaws in Development and in Production
The eEye development and research teams encourage clients to test web applications during development and throughout a solutions production life cycle. This provides a baseline for secure application testing and assists with best practice security assessment and regulatory compliance.

5. Quickly Identify Links and Pages Within your Website and Web Application
Retina Web can reliably and non-intrusively identify all of the pages within your web site and web application and document them graphically by hierarchy and risk. Essentially, if the web site has links, Retina Web will document and assess with the highest accuracy in the industry.

6. Safely Scan your Web Application Without Causing Business Interruptions or Crashing the Application
Retina Web does not scan and test with exploit code and will not crash your systems during a scan. With Retina Web, you can safely scan production environments and obtain accurate results without business interruption.

7. Extensive Web Application Support
Retina Web provides extensive support for any operating system hosting a web application and can scan web applications developed in ASP, .NET, PHP, Java, AJAX, ActiveX and HTML

8. Test your Website to see if it is Being Used to Hack your Users
With recent advances in hacking techniques, hackers are using websites to attack users, installing malware like keystroke loggers and rootkits.

• The Bank of India Attack, where an invisible iframe infected user machines, made these attacks famous
• Retina Web is the only tool that can detect if a website is already infected with malware attacks such as the iframe attack (where a hacker inserts code that calls another website to upload malware, such as keystroke loggers, to users of the website)

Additional Futures and Benefits:

Threat Analysis - Retina Web Security Scanner doesn’t just detail a list of vulnerabilities; it helps security teams understand the architecture of their sites. Where are they receiving data? Where are they sending data? What links could be vulnerable and need special attention?

Group Specific Reports - Retina Web Security Scanner includes reports that contain only the vulnerabilities to be fixed by specific groups (server, developers and database). This simplifies remediation efforts by allowing security teams to easily assign vulnerabilities to the personnel responsible for fixing them.

Interactive Site Mapping - Retina Web Security Scanner includes interactive site maps that allow security teams and developers to look at a graphic representation of their site and the location of any vulnerabilities.

Privacy Reporting - Retina Web Security Scanner includes privacy reports that enable enterprises to determine if web applications are complying with privacy and data security policies.

Remediation Estimates - Retina Web Security Scanner includes time and cost estimates for remediating all discovered vulnerabilities to expedite budgeting.

Web services support - Retina Web Security Scanner has support for testing SOAP packets including the ability to identify and automatically parse WSDLs.

Key Features:

Reliable, Non-Intrusive Scanning Technology - Most web application scanners rely on exploit code to verify web application vulnerabilities, frequently exposing services data and databases supporting the solution. Retina Web tests without using exploit code and will not harm your web application even if it is in production.

HTML Reports - Retina Web HTML reports group vulnerabilities by root cause, facilitating remediation efforts. The reports also allow users to validate vulnerabilities by replaying attacks against the website.

Test for Persistent Cross-Site Scripting - Persistent Cross-Site Scripting (where a hacker can permanently inject an attack into the website) is very dangerous because these attacks can be used to upload malware to other machines. Retina Web investigates if a site is susceptible to this form of attack.

Checks for Existing Malware - Retina Web checks user sites for existing instances of links that can upload malware and verifies if a site has already been hacked.

Comprehensive and Current Testing Philosophy - The most advanced and comprehensive scan engine available. Critical vulnerabilities are fully documented and all known exploit methods are fully automated for testing. The amount of techniques used to verify security and integrity far exceeds the leading competition.

Superior Research Team - No security vendor can match the expertise of the eEye Research and Development Teams. Over the last 10 years, eEye has discovered more critical vulnerabilities than all other research group and leads the way in managing the latest threats like web application vulnerabilities.

Extensive Application Support - Retina Web’s flexible architecture allows for scanning of any web application regardless of host operating system, database, or web server. Regardless of the technology implemented: ASP, .NET, PHP, Java, AJAX, ActiveX, and HTML, Retina Web can perform fully-automated scans to document vulnerabilities within your business solutions.

Best Practice Approach to Web Application Vulnerability Assessments - Retina Web guides users through the logical steps of setting up a scan, crawling the website, documenting configuration issues, recommending remediation actions and reporting on the entire vulnerability management process using industry accepted best practices for code and web application mitigation.

Unrestricted HyperLink Discovery - Retina Web allows for the discovery of a website without restrictions. At a glance, administrators can determine the number and depth of pages and links on their website and review design parameters for usability and functionality for any given web application.

Flexible Remediation Reporting - Within the workflow or Retina Web, users can review targeted reports to identify specific vulnerabilities for remediation by risk, vulnerability or even by function for executives, developers, auditors, and administrators. Retina Web also provides a costing estimate for remediation so that the business can budget accordingly for remediation verses the cost of an exposure.

Wizard Based Auditing - Configuration wizards help ensure corporate policies with regards to credentials, proxies, test criteria, cost estimates, and third party authentication are being correctly simulated against the entire web application.

Granular Attack Control - Administrators can configure simulated attacks within Retina Web by class or build on custom attack policy. Retina Web provides the ability to target scanning efforts where granular results are required and build tests for verification based on your own security needs.

Configurable High-Speed Scanning - Retina Web can scan an entire website with unprecedented accuracy. Retina Web’s secret for speed lies in the ability to configure timeouts and retries by using both minimum and maximum value settings. This ensures that the next result is sent as soon as the session is available without artificially padding delays based on the worst case response scenario.

Key Advantages:

• Independent testing confirms Retina Web finds 10-20 times more vulnerabilities than competing tools
   
• Independent testing confirms the lowest false positive rate for a web application scanner
   
• Fully automated testing without the need to train the solution on the target website
   
• Reports are interactive HTML – they consolidate vulnerabilities by root cause, saving time and money and allow 20 users to validate vulnerabilities through the reports without requiring a license of the tool.
   
• Effectively audits more code base than the leading competitors
   
• Complete web site and link crawling to document an entire website or web application
   
• Comprehensive reporting for executives, developers, database administrators and security experts
   
• Backed by an unrivaled vulnerability research and development team
   
• Platform independent scanning architecture for auditing any web application regardless of host operating system
   
• Innovative, non-intrusive, and safe scanning technology
   
• User definable custom audits, programming skills not required
   
• Identifies known, unknown, and zero-day vulnerabilities at the application layer
   
• Accurate vulnerability detection using multiple engines for verification and analysis
   
• Easily identifies common flaws down to the root cause within a web page
   
• Runs on Windows 2000, XP, or 2003

Why Use Retina Web Security Scanner

1. Department or enterprise-wide web application security verification
Retina Web scales to meet the requirements of any web application and supports scanning in distributed environments by allowing reports to be managed using any web browser from a central location.

2. Compliance with industry or federal regulations
Retina Web helps companies comply with Payment Card Industry (PCI), Federal Desktop Core Configuration (FDCC), Health Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOX), Gramm-Leach-Bliley Act, Federal Information Security Management (FISM) Act, European Union Data Directive, and others by verifying the security and integrity of web applications.

3. Identify security risks and eliminate business interruptions
Less sophisticated and intrusive scanners can crash an application as a result of their scanning by identifying a flaw and executing full exploit code to penetrate the vulnerability. Retina Web does not run any type of exploit code to conduct a scan and accurately identifies vulnerabilities without compromising an application.

4. Link and risk identification
Retina Web can accurately crawl and document all links within a website and determine pages and links connected throughout the application. Vulnerability assessment determines which pages and code pose the greatest risk to the site from hackers to data leakage and appropriately document the risk and severity for prioritized remediation.

Specifications:

Retina Web Security Scanner software has the following minimum system requirements:

• Microsoft Windows 2000
• Microsoft Windows XP (32-bit)
• Microsoft Windows Vista (32-bit)
• 1 GB of RAM
• 500 MB hard-disk space required for installation (10 GB recommended)
• Ethernet and/or Internet Connection (scanner must have unrestricted connectivity to the web applications being scanned)

Retina Screenshots:

Documentation:

Download the eEye Retina Web Security Scanner Datasheet (PDF).

Download the eEye Retina Web Security Scanner Solution Overview (PDF).