Comparison of Security Services

The following table provides a brief comparison of the features of Netcraft’s Dedicated Server Monitoring, Audited by Netcraft and Web Application Testing. For more information, please contact us by email or phone +44(0)1225 447500.

| Feature | Dedicated Server Monitoring | Audited by Netcraft | Web Application Testing |
|---|---|---|---|
| Testing mechanism | Automated | Automated | Programmed sequence of tests with expert intervention and interpretation |
| PCI DSS Requirements | N/A | Satisfies PCI requirement 11.2 | Satisfies PCI requirement 11.3 |
| Number of machines tested | Single HTTP server | Network | Network |
| Test Frequency | Weekly (No on demand scanning) | Daily, Weekly or Monthly (All include on demand scanning) | Single |
| Service vulnerabilities | All visible services | All visible services | All visible services |
| Denial of Service (DoS) detection | Yes, including machine, service and protocol specific | Yes, including machine, service and protocol specific | Yes, including machine, service, protocol and application specific |
| Information disclosure checks | Partial | Partial | Yes |
| Source code reviews | No | No | Yes |
| Application Checks | No | No | In-depth |
| Analysis report | Automated | Automated | Written by expert |
| Differential report | Yes | Yes | Yes |
| Report Delivery | Integrated into DSM profile | Secure HTTPS publishing | Secure HTTPS publishing |
| SSL certificate checks | Yes | Yes | Yes |
| Web-pages examined | 250 pages | 250 pages | Site dependent |
| - depth | 3 levels | 3 levels | site dependent |
| - time limit | 30 minutes | 30 minutes | site dependent |
| Web-page analysis | Yes | Yes | Yes |
| Search for broken links | Yes | Yes | Yes |
| Search for broken images | Yes | Yes | Yes |
| Detection of directory indexes | Yes | Yes | Yes |
| CGI vulnerability tests | Extensive | Extensive | Extensive, including application specific |
| Test for script source visibility | Yes | Yes | Yes |
| SQL Injection tests | Partial | Partial | Yes |
| Cross-site scripting (XSS) checks | Partial | Partial | Yes |
| Detection of Operating System | Yes | Yes | Yes |
| ICMP checks | Yes | Yes | Yes |
| Windows checks | Yes | Yes | Yes |
| TCP & UDP port tests | Time-limited | Time-limited | Yes |
| Stealth testing | No | No | Yes |
| DNS spoofing | No | No | Yes |
| RPC testing | Yes | Yes | Yes |
| Initial Sequence Number prediction | Yes | Yes | Yes |
| FTP abuse checks | Partial | Partial | Yes |
| SMTP relay checks (spam) | Partial | Partial | Yes |
| LDAP checks | Partial | Partial | Yes |
| SNMP checks | Yes | Yes | Yes |
| DNS and bind checks | Partial | Partial | Yes |
| SMB/NetBIOS checks | Partial | Partial | Yes |
| NFS checks | Partial | Partial | Yes |
| NIS checks | Partial | Partial | Yes |
| Password guessing | Partial | Partial | Yes |
| WHOIS checks | No | No | Yes |
| Domain checks | No | No | Yes |
| Spoofing Checks | No | No | Yes |