WebSAINT is a cloud-based vulnerability scanner and reporting product. WebSAINT is ideal for organizations that need to perform basic vulnerability scans and reporting of Internet-facing hosts, without the need or added complexity of performing advanced configuration or customization.
- How it Works
WebSAINT operates through the SAINT corporate web site using the SAINT scanning engine. It scans TCP and UDP services on either the customer’s computer or subnet. When WebSAINT detects a service that has a history of security concerns, it performs a detailed analysis. The results of the analysis are delivered via secure HTTP and stored in a database for subsequent access through a secure Web browser.
Using SAINTwriter, SAINT's sophisticated reporting tool, WebSAINT pulls assessment data from its database and generates an HTML page for the customer. Full color charts and tables illustrate the scan results at a glance. Full, executive, overview, detail, and trend analysis reports are available.
WebSAINT operates on any platform supporting a web browser capable of SSL.
WebSAINT is a patented cloud-powered application that enables you to evaluate the security environment of a single computer, multiple computers, or an entire network. Security auditors across the globe find WebSAINT valuable for examining their external networks and associated information technology assets.
WebSAINT is hosted on the web by SAINT Corporation and is based on the SAINTscanner® scanning engine. When you use WebSAINT, SAINT Corporation protects your scan results using the secure socket layer (SSL) protocol. In other words, the link between you and SAINT Corporation is secure.
While WebSAINT is geared primarily toward the security weaknesses of targeted assets, a great deal of general network information can also be gained when using the tool—network topology, network services, types of hardware and software being used on the network, and more.
WebSAINT conducts a scan of TCP, UDP, and RPC services on either the customer's computer or subnet. When WebSAINT detects a service that has a history of possible security concerns, it performs a more detailed analysis. The results of the analyses are then stored for subsequent access through a secured Web browser.
WebSAINT performs many vulnerability tests and uses many of SAINT's pre-defined scan policies. For example, customers that use SAINT Corporation as their ASV will be able to use WebSAINT to initiate their external quarterly scans, using the pre-defined PCI scan policy that adheres to the PCI DSS' ASV Program Guide that requires:
- Vulnerability detection across operating systems, databases, web applications, network devices, services, and more
- Full port scan of all 65535 ports
Vulnerabilities are stored according to severity and tagged with respective codes: red indicates the most critical vulnerabilities; yellow indicates areas of concern; and brown points to areas which may require further investigation by the system administrator.
WebSAINT includes an option for "dangerous checks." This option allows WebSAINT to launch buffer overflow exploits and denial of service attacks which yield more definitive results.
Scan processes can also be configured to provide e-mail notification when scans are complete.
WebSAINT uses SAINT's award-winning reporting engine, SAINTwriter®, that allows you to design and generate vulnerability assessment reports quickly and easily, presenting the findings of even the largest network scans in an easy-to-read format. There are many pre-defined report templates, such as PCI compliance reports, Executive reports, Detailed reports, and Trending. The trend analysis report allows you to quantitatively analyze your results and provide feedback on the effectiveness of your on-going remediation program. Reports can be easily exported to other applications like spreadsheets, word processors, and databases by explorting in a number of formats, such as XML, CSV, and PDF.
The following features allow WebSAINT's maximum versatility in a wide variety of environments:
- Flexible configuration options
- Firewalled environment capability
- Scan scheduling (immediate, one-time, daily, weekly, monthly)
- Windows domain authentication
- Optional dangerous checks
- HTML, PDF, CSV, XML or text reports
- No setup is necessary—runs on-line from the secure WebSAINT server
WebSAINT is accessible from any platform supporting a web browser capable of secure SSL connectivity (128-bit encryption is recommended). Environments using the latest versions of Safari, Firefox, or Internet Explorer provide optimum operation.