Web Application Scanning

Easy, Cloud-Based Scanning and Detailed Analysis

Recent statistics reveal that as many as 70% of websites have vulnerabilities, and according to Gartner and the U.S. Computer Emergency Response Team (U.S. CERT), 75% of new attacks specifically target the application layer in order to exploit these weaknesses and steal critical financial and customer data. Web applications are the weakest link, and many organisations struggle to identify all their web applications, let alone secure them against constantly evolving cyber criminals.

Proficio’s ProSCAN service, powered by QualysGuard, is a cloud service you use through your browser, so there’s no software to install or maintain. You can accurately and efficiently test your apps, no matter where they are – on internal networks, hosted on the Internet or in Cloud platforms such as Amazon. Relied on by leading companies with some of the most demanding web apps in the world, ProSCAN will help you safeguard your apps, whether you have just a few apps or many thousands. The key features of ProSCAN include:


Static Analysis

Static Analysis looks at applications in a non-runtime environment and can evaluate both web and non-web applications to detect flaws in the software’s inputs and outputs that cannot be seen through dynamic web scanning alone. Proficio uses industry-leading tools to provide this analysis. Static Code Analysis scans source code, identifies root causes of software security vulnerabilities, and correlates and prioritizes results, giving you line-of-code guidance for closing gaps in your security.

Dynamic Analysis

Dynamic analysis security testing identifies and remediates security issues in running web applications before hackers can exploit them. Vulnerabilities in web apps can lead to “SQL Injections”, “cross-site scripting”, and other code-based attacks. These attacks can evade traditional enterprise network defenses and wreak havoc unless new precautions are implemented. By dynamically testing web applications at run-time, ProSCAN inspects applications the same way a hacker would attack them – providing accurate and actionable vulnerability detection.