Hello,
No you can not secure a site by scanning, but you can warrant a service.
These services are based on good legal contracts that are generally
accepted without review. Scanalert for instance has the clause "You
agree to maintain your account in a secure way".
Next there is a limitation term; "You agree that ScanAlert's liability
for all causes of actions relating to this agreement and any matters
relating to our delivery of, or your use of the Services shall not
exceed the monies paid to ScanAlert in the 12 months preceding the
proper service of the cause of action."
Basically the service is "best effort" where this is left undefined
other than to be taken to the standards used in CA, US.
If they fail to secure the site, you can bring suit to get a refund.
This is what they offer, it is not an audit service, just a automated
scan service that comes with no express guarantee.
Regards,
Craig
-----Original Message-----
From: Marco Passarella [mailto:mark.keon@gmail.com]
Sent: Thursday, 27 April 2006 7:16 PM
To: webappsec@securityfocus.com
Subject: Web Site Certification
Hi all,
what do you think about the remote services that promise your site to
be "hacker free"?
Can you really monitor remotely the security of a site using a scanner?
Here is an example:
http://www.scanalert.com/
Thanks,
Mark
------------------------------------------------------------------------
-
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
------------------------------------------------------------------------
--
Liability limited by a scheme approved under Professional Standards Legislation
in respect of matters arising within those States and Territories of Australia
where such legislation exists.
DISCLAIMER
The information contained in this email and any attachments is confidential. If
you are not the intended recipient, you must not use or disclose the
information. If you have received this email in error, please inform us
promptly by reply email or by telephoning +61 2 9286 5555. Please delete the
email and destroy any printed copy.
Any views expressed in this message are those of the individual sender. You may
not rely on this message as advice unless it has been electronically signed by
a Partner of BDO or it is subsequently confirmed by letter or fax signed by a
Partner of BDO.
BDO accepts no liability for any damage caused by this email or its attachments
due to viruses, interference, interception, corruption or unauthorised access.
-------------------------------------------------------------------------
Sponsored by: Watchfire
Watchfire's AppScan is the industry's first and leading web application
security testing suite, and the only solution to provide comprehensive
remediation tasks at every level of the application. Change the way you
think about application security testing - See for yourself.
Download a Free Trial of AppScan 6.0 today!
https://www.watchfire.com/securearea/appscansix.aspx?id=701300000007kaF
--------------------------------------------------------------------------
