Comparison of Security Services
Contact SalesThe following table provides a brief comparison of the features of Netcraft’s Audited by Netcraft and Web Application Testing.
| Audited by Netcraft | Web Application Testing | |
|---|---|---|
| Testing mechanism | Automated | Programmed sequence of tests with expert intervention and interpretation |
| PCI DSS Requirements | Satisfies PCI requirement 11.2 | Satisfies PCI requirement 11.3 |
| Number of machines tested | Network | Network |
| Test Frequency | Daily, Weekly or Monthly (All include on demand scanning) | Single |
| Service vulnerabilities | All visible services | All visible services |
| Denial of Service (DoS) detection | Yes, including machine, service and protocol specific | Yes, including machine, service, protocol and application specific |
| Information disclosure checks | Partial | Yes |
| Source code reviews | No | Yes |
| Application Checks | No | In-depth |
| Analysis report | Automated | Written by expert |
| Differential report | Yes | Yes |
| Report Delivery | Secure HTTPS publishing | Secure HTTPS publishing |
| SSL certificate checks | Yes | Yes |
| Web-pages examined | 250 pages, 3 levels deep within 30 minutes | Site dependent |
| Web-page analysis | Yes | Yes |
| Search for broken links | Yes | Yes |
| Search for broken images | Yes | Yes |
| Detection of directory indexes | Yes | Yes |
| CGI vulnerability tests | Extensive | Extensive, including application specific |
| Test for script source visibility | Yes | Yes |
| SQL Injection tests | Partial | Yes |
| Cross-site scripting (XSS) checks | Partial | Yes |
| Malicious JavaScript detection (e.g. shopping site skimmers) | Yes | Yes |
| Detection of Operating System | Yes | Yes |
| ICMP checks | Yes | Yes |
| Windows checks | Yes | Yes |
| TCP & UDP port tests | Time-limited | Yes |
| Stealth testing | No | Yes |
| DNS spoofing | No | Yes |
| RPC testing | Yes | Yes |
| Initial Sequence Number prediction | Yes | Yes |
| FTP abuse checks | Partial | Yes |
| SMTP relay checks (spam) | Partial | Yes |
| LDAP checks | Partial | Yes |
| SNMP checks | Yes | Yes |
| DNS and bind checks | Partial | Yes |
| SMB/NetBIOS checks | Partial | Yes |
| NFS checks | Partial | Yes |
| NIS checks | Partial | Yes |
| Password guessing | Partial | Yes |
| WHOIS checks | No | Yes |
| Domain checks | No | Yes |
| Spoofing Checks | No | Yes |
Contact us to discuss what we can do for you
To arrange a trial, or to discuss your requirements, please contact us!
Contact SalesRelated News
Bangladesh, South African and Iraqi Government sites have been found to be hosting web shells
3 Dec 2021
Around the Net, Security
Netcraft recently confirmed that a Bangladesh Army site was hosting an Outlook Web Access (OWA) web shell. Additionally, an OWA web shell was found on the Department of Arts and Culture site for the South-African Kwazulu-Natal province and an Iraqi...
View full post
The other victims of FluBot: How cybercriminals exploit WordPress to distribute malware
29 Nov 2021
FluBot, Netcraft Services, Security
Netcraft has to date identified nearly 10,000 websites used in the distribution of the FluBot family of Android malware. As detailed in our previous articles on FluBot, these sites are unwittingly hosting a PHP script that acts as a proxy to a further...
View full post
Eswatini Government's gov.sz website is running a cryptojacker
22 Oct 2021
Around the Net, Security
The Government of Eswatini’s website, www.gov.sz, is running a cryptojacker. Cryptojackers use website visitors' CPU power to mine cryptocurrency, most often without their knowledge or permission. Data from archive.org suggests the JavaScript snippet...
View full post