|
|
|
eEye
Retina Web Security Scanner
|
|

| Retina Web Security
Scanner |
eEye Retina Web Security Scanner, One URL/Web-Application
Unlimited Scanning, 1 Year
 |
#RETW-SFTW-XX-00001-1
Our Price: $6,995.00 |
|
More eEye Digital Security
options and pricing below, click here

eEye Retina Web Security Scanner Overview:
Conduct rapid and accurate scans. Minimize web-based
risk exposure.
Hackers are increasingly targeting web applications with Gartner estimating that 70%
of attacks against websites are coming at the application layer. Enterprises have
increasingly leveraged web applications as the interface of choice to access databases
that contain mission critical business data as well as confidential customer information
such as credit card and social security numbers.
The Retina Web Security Scanner is a
best-in-class web scanning solution that rapidly and
accurately scans large, complex web sites and web
applications to tackle web-based vulnerabilities.
The addition of this new product gives customers a
complete picture of the performance and security
status of deployed web applications plus on-demand
inventory and diagnostic capabilities, ensuring
privacy and compliance. Retina Web Security Scanner
identifies application vulnerabilities as well as
site exposure risk, ranks threat priority, produces
highly graphical, intuitive HTML reports, and
indicates site security posture by vulnerabilities
and threat level.
The Retina Web Security Scanner extends eEye’s growing
integrated threat management security suite and leverages
eEye’s advanced security intelligence capabilities,
developed from years of product development, security
research and professional services engagements. Using
Retina Web Security Scanner and Retina Network Security
Scanner in tandem, eEye customers now have a powerful
multi-layered scanning approach.
With the addition of eEye’s centralized management
and reporting console, REM, security administrators
have a unified solution that consolidates security information
into one dynamic repository. REM facilitates data analysis
and benefits administrators by eliminating information
overload and automating previously time-consuming tasks.
Users are able to install the Retina Web Security Scanner
on the same servers that currently run Retina Network
Security Scanner, significantly reducing installation
and maintenance costs.
Using signature-based checks for known vulnerabilities
is not useful in the web application space because almost
all web applications are different. Instead of attempting
a check the same way every time, Retina Web Security
Scanner determines the best way to evaluate an application
for vulnerabilities like input validation, poor coding
practices, weak configuration management and more. By
attempting context-sensitive vulnerability checking,
Retina Web Security Scanner can offer complete assessment
coverage with outstanding accuracy.
Since all vulnerabilities are not created equal,
Retina Web Security Scanner employs advanced intelligence
engines to make sure the right priorities are communicated
to you. By analyzing the content, structure and nature
of each vulnerability, the solution can keep you focused
on the real threats. From files/resources discovered
to source code to scripts, comments, and directory contents,
the automated reports will intelligently analyze all
of Retina Web Security Scanner's findings to ensure
you see the real threats.
In addition to assessing application vulnerabilities,
Retina Web Security Scanner performs an advanced site
analysis on your site structure, content and configuration
to identify inherent exposure to future or emerging
threats. This can be critical in determining security
requirements and site architecture planning to mitigate
future threats. Exposure is communicated via a security
posture rating and qualitative analysis of findings,
including a complete catalog of all site resources and
their attributes (e.g. forms, cookies, scripts, SQL
strings and ODBC connectors, authentication, applets/objects,
hidden fields, etc.).
Retina Web Security Scanner is the easiest to deploy,
easiest to manage and most accurate web application
vulnerability scanner available. With industry leading
reports and the most flexible data reporting possible,
Retina Web Security Scanner provides you with the capability
to communicate risk throughout your organization and
secure your network. Combined with Retina Network Security
Scanner and REM, Retina Web Security Scanner customers
are now able to extend their network vulnerability assessment
best practices to include their growing portfolio of
web applications and web sites.
Fast Facts:
|
- Accurately indentifies all
application links
- Scanning technology safe
for all production environments
- Fully automated scanner
with no user interaction required
after scan initiation
|
- Results in .xml or database
format
- Vulnerabilities consolidated
to facilitate remediation
- Reports allow vulnerability
recreation with Validate button
|
|
Top Rated Security for Your Web Applications:
Retina Web Security Scanner is a proven solution
designed to meet the stringent requrements of today's
security professionals. Retina's industry-leading web
security scanning technology gives users the tool required
to both identify and remediate vulnerabilities in their
web applications. Retina Web Security Scanner enables
users to secure their networks by:
Comprehensively assessing web applications
using contextual analysis
There are thousands of known exploits based on the
configurations of specific web applications. Trying
to test web sites by repeating these attacks is
insufficient as successful attacks are unique to
each application. Retina Web Security Scanner analyzes
every link in every web site and every parameter
in every query.It then creates custom attacks that
are designed to try to test weaknesses in the site.
These attacks can run to the tens or hundreds of
thousands based on the construction of the application.
Fully Automating the Assessment Process
The Retina Web Security Scanner has manual options
but no manual requirements. Retina has fully automated
authentication, with no requirement for users to
script logins. In addition, the solution has fully
automated false positive suppression, with no requirements
for users to train the tool.
Leveraging industry-leading heuristics to
increase accuracy
Retina Web Security Scanner's advanced heuristics
make the solution the most accurate web application
scanner in the industry and gives security teams
the confidence that their applications will be secure.
Consolidating Results to Increase Remediation
Efficiency
Merely knowing that a vulnerability exists is only
the first step. Retina Web Security Scanner consolidates
vulnerability data by root cause to reduce the number
of tickets assigned to development teams, saving
time and money.
Allowing Users to Quickly Validate Results
Web application attacks can be complex and difficult
to reproduce. Retina Web Security Scanner reports
include a Validate button to replay attacks so that
security teams and developers can see vulnerabilities
in real time. Once vulnerabilities are remediated,
users can see that the attack is no longer effective.
Retina Web Security Scanner is the perfect solution
for identifying and remediating vulnerabilities in your
web applications today. The Retina Web Security Scanner
found 8 to 19 times more vulnerabilities than two of
its primary competitors when scanning web applications.
With eEye, organizations will find they have better
control over the security of their web applications
and a reduced risk of data loss. Contact eEye today
and put the security concerns of your web applications
to rest.
Features and Benefits:
1. “Accuracy, Accuracy, Accuracy”
In real estate, there are only three important things to
consider: location, location, location. In Web application
scanning, they are: accuracy, accuracy, and accuracy.
scan a website
- False negatives leave enterprises
exposed to vulnerabilities that can result
in loss of confidential data
- False positives destroy the credibility
of the security team and can cripple an
application security program
2. Fully Automated Solution
Security teams do not have the time to teach tools how to
scan a website
- In web application scanning you are only given the home
page and then required to crawl the rest of the site unlike
network scanning where you know the problem space ahead
of time (an IP/Port range)
- If you don’t crawl a page, you can’t test it
- Competing tools require significant manual effort to function:
“In order to achieve good results, web application
scanners should be used in conjunction with manual security
assessment, which requires close acquaintance with the
web application and its different functionalities. “ Ory Segal,
Watchfire Director of Research
3. Retina Web Reports Help you Solve the Problem
Finding Vulnerabilities is only the first step; fixing them is
the goal:
- Web application attacks are polymorphic; they can be made
in a number of ways
- A single coding error can create hundreds or thousands of
vulnerabilities
- Retina Web Reports group vulnerabilities by their root
cause, speeding remediation
- All HTML Retina Web Reports allow developers and security
teams to validate vulnerabilities by replaying them against
the website – no more arguing whether something is
vulnerable or how to replicate it
With recent advances in hacking techniques, hackers are using
websites to attack users, installing malware like keystroke
loggers and rootkits.
4. Proactively Guard Against Application Flaws in Development and in Production
The eEye development and research teams encourage clients
to test web applications during development and throughout
a solutions production life cycle. This provides a baseline for
secure application testing and assists with best practice
security assessment and regulatory compliance.
5. Quickly Identify Links and Pages Within your Website
and Web Application
Retina Web can reliably and non-intrusively identify all of the
pages within your web site and web application and document
them graphically by hierarchy and risk. Essentially, if the web
site has links, Retina Web will document and assess with the
highest accuracy in the industry.
6. Safely Scan your Web Application Without Causing
Business Interruptions or Crashing the Application
Retina Web does not scan and test with exploit code and will
not crash your systems during a scan. With Retina Web, you
can safely scan production environments and obtain accurate
results without business interruption.
7. Extensive Web Application Support
Retina Web provides extensive support for any operating
system hosting a web application and can scan web applications
developed in ASP, .NET, PHP, Java, AJAX, ActiveX
and HTML
8. Test your Website to see if it is Being Used to Hack
your Users
With recent advances in hacking techniques, hackers are using
websites to attack users, installing malware like keystroke
loggers and rootkits.
- The Bank of India Attack, where an invisible iframe infected
user machines, made these attacks famous
- Retina Web is the only tool that can detect if a website is
already infected with malware attacks such as the iframe
attack (where a hacker inserts code that calls another
website to upload malware, such as keystroke loggers, to
users of the website)
Additional Futures and Benefits:
Threat Analysis -
Retina Web Security Scanner doesn’t just detail a list of vulnerabilities; it helps
security teams understand the architecture of their sites. Where are they receiving
data? Where are they sending data? What links could be vulnerable and need special
attention?
Group Specific Reports -
Retina Web Security Scanner includes reports that contain only the vulnerabilities
to be fixed by specific groups (server, developers and database). This simplifies
remediation efforts by allowing security teams to easily assign vulnerabilities to the
personnel responsible for fixing them.
Interactive Site Mapping -
Retina Web Security Scanner includes interactive site maps that allow security teams
and developers to look at a graphic representation of their site and the location of any
vulnerabilities.
Privacy Reporting -
Retina Web Security Scanner includes privacy reports that enable enterprises to
determine if web applications are complying with privacy and data security policies.
Remediation Estimates -
Retina Web Security Scanner includes time and cost estimates for remediating all
discovered vulnerabilities to expedite budgeting.
Web services support -
Retina Web Security Scanner has support for testing SOAP packets including the
ability to identify and automatically parse WSDLs.
Key Features:
Reliable, Non-Intrusive Scanning
Technology - Most web application scanners
rely on exploit code to verify web application
vulnerabilities, frequently exposing services
data and databases supporting the solution.
Retina Web tests without using exploit code and
will not harm your web application even if it is
in production.
HTML Reports - Retina Web HTML reports
group vulnerabilities by root cause,
facilitating remediation efforts. The reports
also allow users to validate vulnerabilities by
replaying attacks against the website.
Test for Persistent Cross-Site Scripting - Persistent Cross-Site
Scripting (where a hacker can permanently inject an attack into the website) is
very dangerous because these attacks can be used to upload malware to other
machines. Retina Web investigates if a site is susceptible to this form of
attack.
Checks for Existing Malware - Retina Web checks user sites for
existing instances of links that can upload malware and verifies if a site has
already been hacked.
Comprehensive and Current Testing Philosophy - The most advanced and
comprehensive scan engine available. Critical vulnerabilities are fully
documented and all known exploit methods are fully automated for testing. The
amount of techniques used to verify security and integrity far exceeds the
leading competition.
Superior Research Team - No security vendor can match the expertise of
the eEye Research and Development Teams. Over the last 10 years, eEye has
discovered more critical vulnerabilities than all other research group and leads
the way in managing the latest threats like web application vulnerabilities.
Extensive Application Support - Retina Web’s flexible architecture
allows for scanning of any web application regardless of host operating system,
database, or web server. Regardless of the technology implemented: ASP, .NET,
PHP, Java, AJAX, ActiveX, and HTML, Retina Web can perform fully-automated scans
to document vulnerabilities within your business solutions.
Best Practice Approach to Web Application Vulnerability Assessments -
Retina Web guides users through the logical steps of setting up a scan, crawling
the website, documenting configuration issues, recommending remediation actions
and reporting on the entire vulnerability management process using industry
accepted best practices for code and web application mitigation.
Unrestricted HyperLink Discovery -
Retina Web allows for the discovery of a website
without restrictions. At a glance,
administrators can determine the number and
depth of pages and links on their website and
review design parameters for usability and
functionality for any given web application.
Flexible Remediation Reporting - Within the workflow or Retina Web,
users can review targeted reports to identify specific vulnerabilities for
remediation by risk, vulnerability or even by function for executives,
developers, auditors, and administrators. Retina Web also provides a costing
estimate for remediation so that the business can budget accordingly for
remediation verses the cost of an exposure.
Wizard Based Auditing - Configuration wizards help ensure corporate
policies with regards to credentials, proxies, test criteria, cost estimates,
and third party authentication are being correctly simulated against the entire
web application.
Granular Attack Control - Administrators can configure simulated
attacks within Retina Web by class or build on custom attack policy. Retina Web
provides the ability to target scanning efforts where granular results are
required and build tests for verification based on your own security needs.
Configurable High-Speed Scanning - Retina Web can scan an entire
website with unprecedented accuracy. Retina Web’s secret for speed lies in the
ability to configure timeouts and retries by using both minimum and maximum
value settings. This ensures that the next result is sent as soon as the session
is available without artificially padding delays based on the worst case
response scenario.
Key Advantages:
- Independent testing confirms Retina Web finds 10-20 times more vulnerabilities
than competing tools
- Independent testing confirms the lowest false positive rate for a web
application scanner
- Fully automated testing without the need to train the solution on the target
website
- Reports are interactive HTML – they consolidate vulnerabilities by root cause,
saving time and money and allow 20 users to validate vulnerabilities through
the reports without requiring a license of the tool.
- Effectively audits more code base than the leading competitors
- Complete web site and link crawling to document an entire website or web
application
- Comprehensive reporting for executives, developers, database administrators
and security experts
- Backed by an unrivaled vulnerability research and development team
- Platform independent scanning architecture for auditing any web application
regardless of host operating system
- Innovative, non-intrusive, and safe scanning technology
- User definable custom audits, programming skills not required
- Identifies known, unknown, and zero-day vulnerabilities at the application layer
- Accurate vulnerability detection using multiple engines for verification and
analysis
- Easily identifies common flaws down to the root cause within a web page
- Runs on Windows 2000, XP, or 2003
Why Use Retina Web Security Scanner
1. Department or enterprise-wide web application security verification Retina Web scales to meet the requirements of any web application and supports scanning in distributed environments by
allowing reports to be managed using any web browser from a central location.
2. Compliance with industry or federal regulations
Retina Web helps companies comply with Payment Card Industry (PCI), Federal Desktop Core Configuration (FDCC), Health
Insurance Portability and Accountability Act (HIPAA), Sarbanes Oxley (SOX), Gramm-Leach-Bliley Act, Federal Information
Security Management (FISM) Act, European Union Data Directive, and others by verifying the security and integrity of
web applications.
3. Identify security risks and eliminate business interruptions
Less sophisticated and intrusive scanners can crash an application as a result of their scanning by identifying a flaw and
executing full exploit code to penetrate the vulnerability. Retina Web does not run any type of exploit code to conduct a
scan and accurately identifies vulnerabilities without compromising an application.
4. Link and risk identification
Retina Web can accurately crawl and document all links within a website and determine pages and links connected
throughout the application. Vulnerability assessment determines which pages and code pose the greatest risk to the site
from hackers to data leakage and appropriately document the risk and severity for prioritized remediation.
Specifications:
Retina Web Security Scanner software has the following
minimum system requirements:
- Microsoft Windows 2000
- Microsoft Windows XP (32-bit)
- Microsoft Windows Vista (32-bit)
- 1 GB of RAM
- 500 MB hard-disk space required for installation
(10 GB recommended)
- Ethernet and/or Internet Connection (scanner
must have unrestricted connectivity to the web applications
being scanned)
Retina Screenshots:

Pricing Notes:
- ** Pricing Valid For United States and Canada Only
**
- Retina Web Security Scanner is sold as a one year subscription. The product
will not function after the subscription period has ended.
All licensed users may purchase additional subscription
time via the eEye Customer Portal.
- Product maintenance is included with every Retina
Web Security Scanner
subscription. Maintenance provides licensed users with version
updates and technical support.
| Retina Web Security
Scanner |
eEye Retina Web Security Scanner, One URL/Web-Application
Unlimited Scanning, 1 Year
 |
#RETW-SFTW-XX-00001-1
Our Price: $6,995.00 |
|
| Retina Web Security
Scanner Renewal |
eEye Retina Web Security Scanner, One URL/Web-Application
Unlimited Scanning, 1 Year Renewal
 |
#RETW-SFTW-XX-00001-R
Our Price: $6,995.00 |
|
|
|