The following table provides a brief comparison of the features of Netcraft’s Dedicated Server Monitoring, Audited by Netcraft and Web Application Testing. For more information, please contact us by email or phone +44(0)1225 447500.
| Dedicated Server Monitoring | Audited by Netcraft | Web Application Testing | |
|---|---|---|---|
| Testing mechanism | Automated | Automated | Programmed sequence of tests with expert intervention and interpretation |
| PCI DSS Requirements | N/A | Satisfies PCI requirement 11.2 | Satisfies PCI requirement 11.3 |
| Number of machines tested | Single HTTP server | Network | Network |
| Test Frequency | Weekly (No on demand scanning) |
Daily, Weekly or Monthly (All include on demand scanning) |
Single |
| Service vulnerabilities | All visible services | All visible services | All visible services |
| Denial of Service (DoS) detection | Yes, including machine, service and protocol specific | Yes, including machine, service and protocol specific | Yes, including machine, service, protocol and application specific |
| Information disclosure checks | Partial | Partial | Yes |
| Source code reviews | No | No | Yes |
| Application Checks | No | No | In-depth |
| Analysis report | Automated | Automated | Written by expert |
| Differential report | Yes | Yes | Yes |
| Report Delivery | Integrated into DSM profile | Secure HTTPS publishing | Secure HTTPS publishing |
| SSL certificate checks | Yes | Yes | Yes |
| Web-pages examined - depth - time limit |
250 pages - 3 levels - 30 minutes |
250 pages - 3 levels - 30 minutes |
Site dependent - site dependent - site dependent |
| Web-page analysis | Yes | Yes | Yes |
| Search for broken links | Yes | Yes | Yes |
| Search for broken images | Yes | Yes | Yes |
| Detection of directory indexes | Yes | Yes | Yes |
| CGI vulnerability tests | Extensive | Extensive | Extensive, including application specific |
| Test for script source visibility | Yes | Yes | Yes |
| SQL Injection tests | Partial | Partial | Yes |
| Cross-site scripting (XSS) checks | Partial | Partial | Yes |
| Detection of Operating System | Yes | Yes | Yes |
| ICMP checks | Yes | Yes | Yes |
| Windows checks | Yes | Yes | Yes |
| TCP & UDP port tests | Time-limited | Time-limited | Yes |
| Stealth testing | No | No | Yes |
| DNS spoofing | No | No | Yes |
| RPC testing | Yes | Yes | Yes |
| Initial Sequence Number prediction | Yes | Yes | Yes |
| FTP abuse checks | Partial | Partial | Yes |
| SMTP relay checks (spam) | Partial | Partial | Yes |
| LDAP checks | Partial | Partial | Yes |
| SNMP checks | Yes | Yes | Yes |
| DNS and bind checks | Partial | Partial | Yes |
| SMB/NetBIOS checks | Partial | Partial | Yes |
| NFS checks | Partial | Partial | Yes |
| NIS checks | Partial | Partial | Yes |
| Password guessing | Partial | Partial | Yes |
| WHOIS checks | No | No | Yes |
| Domain checks | No | No | Yes |
| Spoofing Checks | No | No | Yes |