Website Vulnerability Scanning

Easily fix vulnerabilities and keep your site secure and compliant.

When organizations think of hackers and external security threats, they immediately focus on firewalls, access rules, and intrusion detection.

But cyber criminals are focusing their efforts on exploiting weaknesses in web applications such as:

• Forms
• Content Management Systems
• Login Pages
• Wordpress Blogs

They focus on these web applications because they are accessible 24/7 and control valuable data, since they often have direct access to back-end data. Defense at the network security level will provide no protection against attacks to web applications.

Crawling and Detection

Our deep scanning engine allows accurate crawling of websites that leverage complex technologies and programming standards. At the heart of our engine, is a fully automated web browser that allows us to test any web application as though it is running inside of a user’s internet browser. The engine can seamlessly interact with complex controls just as a user would, significantly increasing the scanner’s coverage of the website application.

Lowest False Positive Rates

False positives reduce confidence in the scanner and waste the time of penetration testers and developers alike in trying to find and fix vulnerabilities. Our tool provides the lowest false positive rate in the industry, saving valuable time for your security and development teams.

LKCS’ website vulnerability scanner finds over 4,500 types of weaknesses, including:

• SQL Injection
• Cross-Site Scripting
• Code Execution
• CRLF Injection
• Directory Traversal
• Arbitrary File Creation and Deletion
• Email Injection
• File Upload, Inclusion, and Tampering
• PHP Code Injection

WordPress Security Scan Features

With more than 24% of websites on the internet running WordPress, its security is becoming an increasingly important factor in an organization’s security posture. While WordPress’ core was designed with security in mind, the same cannot be said about the thousands of plugins that extend the WordPress ecosystem. Our vulnerability scanner identifies WordPress installations and will launch security tests for over 1,200 popular plugins.

Reporting and Remediation

We include a set of Internal Management reports and a range of Compliance Classification reports to help keep track of detected vulnerabilities.

The developer report provides a comprehensive summary containing:

• Scan Details
• Server Details
• Alert Summary
• Alert Details
• Pages with long response times
• External Links
• Email Addresses
• Client Scripts
• External Hosts

FFIEC Cybersecurity Assessment

Financial institutions must now scrutinize their exposure and ability to manage cybersecurity risks through the FFIEC Cybersecurity Assessment.

LKCS’ website vulnerability scanning solution will help you comply with the following guidelines:

• Conduct independent testing and vulnerability scanning of critical web-facing applications.
• Perform these tests routinely to identify security control gaps.
• Execute tests on internet-facing applications or systems before they are launched or undergo significant change.