How Does the WebSecured Site™ Seal Increase Site Security?

The RiskSecure WebSecured Site™ Seal is earned by a web site that has undergone and passed rigorous daily testing for over 15000 potential security flaws. These flaws, if gone unchecked, can result in serious consequences, including DOS (Denial of Service) attacks or leakage of sensitive data such as credit card information.

By employing the RiskSecure WebSecured Site™ Seal certification process, a company can greatly enhance their security and reduce their potential liability. The shopper benefits by knowing that they are engaged in a much safer shopping experience and that their most important information is being conscientiously protected.

The WebSecured Site™ Seal displays the last date on which the target was scanned, meaning that visitors can know for certain that the site's security is up-to-date. If new security vulnerabilities are discovered, the subscriber is notified and is given a certain amount of time to remedy the vulnerabilities before the seal no longer will display.

The Five-Phase RiskSecure Approach- WebSecured Site™ Seal Analysis

1. Network Ports Vulnerability Scan

The first phase in the RiskSecure WebSecured Site™ analysis is scanning all of the target's ports to determine which ones may be open to attack. The target's network architecture is scanned in the process, including servers, firewalls, IDS and IPS systems. Through scanning all potential ports, we can identify which ports may need additional security or can safely be closed down all together. This first part of the analysis is intensive and exhaustive, leaving no port unchecked.

2. Network Software Services Scan

The second phase in the analysis involves scanning the target for running software. The services for each piece of software are thoroughly checked to determine which ports they are running on and how the software is configured. Once we have a profile of software services, we use this profile to reference our extensive database of software-specific security issues. Based on the results, we may perform further testing on specific vulnerabilities to expose any additional issues these services my have.

3. Web Application Layer Scan

Testing the web application layer is the third, and most critical phase in the analysis since most hackers will penetrate through a weakness in the web application. HTTP related services to the domain name are tested, including configuration settings, enabled components and modules. The web site is rigorously tested to uncover any potential coding flaws that may result in revealing code, opening the server to SQL injections, or exposing software configurations.

4. Client Alerts Are Sent

As a subscriber, you will receive alerts whenever vulnerabilities are detected. Alerts can be received by e-mail. The client then reviews the easy to read and understand PDF formatted report. Each analysis will list your vulnerabilities in criticality ranked order, insuring that you can take immediate action to remedy any potential problems. After receiving your alert report and taking action to patch any security holes, you can request a re-scan to verify that you have indeed fixed any issues.

5. Reporting and Repairs

Each scan produces a report, which can be viewed online through the client web portal or downloaded in PDF form. Through the RiskSecure WebSecured Site™ web portal, you can easily manage your reports, and organize vulnerabilities according to a number of criteria including by risk, device or by the time required to address the issue. Detailed information is also supplied for most issues, including instructions for remediation.

We also offer professional CISSP certified assistance for any extra support and troubleshooting you require.