Web Application Vulnerability Scans (WAVS)

DIR offers no-cost web application vulnerability scanning for state agencies and institutions of higher education using an industry leading web application security testing suite. The web application security testing suite scans and tests for all common web application vulnerabilities, including those identified in the WASC threat classification such as SQL-Injection, Cross-Site Scripting and Buffer Overflow.

In addition, it provides complete vulnerability scanning associated with the latest Web 2.0 technologies and includes enhanced support for Flash and advanced JavaScript, coupled with comprehensive AJAX support (including dedicated tests for JSON and Web Services parameters).

Benefits of the service include:   

• Broad Application Coverage: supports advanced Web 2.0 technologies by scanning and reporting on vulnerabilities found in Web Services and Ajax-based applications
• Advanced Remediation Recommendations: shows a comprehensive task list necessary to fix issues uncovered during the scan
• Regulatory Compliance Reporting: more than 40 out-of-the box compliance reports including PCI Data Security Standard, Payment Application Best Practices (PABP), ISO 17799, ISO 27001 and Basel II

  For more information, please contact Ted James.