ESDS launches MTvScan
ESDS Software Solution Pvt Ltd is a well known name in the Web hosting industry. With five of its major brands being present in markets spread across three continents, ESDS has always offered its customers effective and cost-efficient solutions for the past nine years. ESDS has launched a first-of-its-kind service that can be considered as a complete online threat and vulnerability management service. It is known as ‘MTvScan’, which is a short form of Malware Trojan Vulnerability Scan. MTvScan audits the website or Web application online, so users need not give server level access to ESDS.
The features of MTvScan
1. Checks domain reputation in Google, SURBL, Malware Patrol, Clean-Mx, Phishtank: MTvScan checks whether its client’s domain is listed with the databases mentioned above, as they store IP addresses and domains that lead to malware, spamming and phishing activities. 2. Checks mail server IP in 58 RBL repositories: RBL (Real-time Blackhole List) or DNSBL (DNS-based Blackhole List) is a list of IP addresses whose owners refuse to stop the proliferation of spam. The RBL usually lists server IP addresses from ISPs whose customers are responsible for the spam, and from ISPs whose servers are hijacked for spam relay. 3. Scans MySQL, MSSQL, PGSQL, Oracle databases for SQL injections: It is a trick that exploits poorly filtered or not correctly escaped SQL queries into parsing variable data from user input. 4. Scans Local File Injections (LFI): An LFI injects files on a server through the Web browser. This vulnerability occurs when a page that is included is not properly sanitised and allows directory traversal characters to be injected. 5. Scans Remote File Inclusion (RFI): An RFI allows an attacker to include a remote file, usually through a script on the Web server. The vulnerability occurs due to the use of user-supplied input without proper validation. This can cause code execution on the Web server. Code execution on the client-side, such as JavaScript, can lead to other attacks such as cross site scripting (XSS), DoS, data theft, etc. 6. Scans XSS or cross site scripting • This is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject a client-side script into Web pages viewed by other users. • Detects forms on the Web pages and scans for GET and POST requests. • Currently, it scans for reflected XSS. There are future plans for stored XSS, which occurs when a Web application gathers input from a user which might be malicious, and then stores that input in a data store for later use. 7. Scans malware • Website defacement checks: Website defacement is an attack on a website that changes the visual appearance of the site or a Web page. • Forceful redirect injection testing. • Scans JavaScript code snippets against generic signatures: Checks for dangerous JavaScript functions like eval, base64_decode, char, etc. Checks for Iframes. • Special algorithm developed to detect JavaScript obfuscation: Obfuscation is used to convert vulnerable code into unreadable format. • Third party links check: It checks third party links with reputation databases. 8. Intelliscan: This is agent-based serverside source code scanning. • Scans all files for generic signatures. • Scans all files with LMD MD5 and Hex signatures. • JavaScript obfuscation detection. 9. Detects and scans CMS • Very few scanners provide this feature. • Scans WordPress, Joomla and vBulletine. • Scans themes, plugins and unprotected admin areas. • User enumeration. • Brute forcing to detect simple passwords. • FPD - File Path Disclosure scanning. • Scans CMS in all directories. 10. Checks for open ports on the server 11. Banner scanning: Administrators can use this to take an inventory of the systems and services on their network. An intruder can use banner grabbing in order to find network hosts that are running versions of applications and operating systems with known exploits. 12. Directory scanning: The goal of this scan is to order an application to detect a computer file that is not intended to be accessible. This is caused by a lack of security for directory access on the Web server. 13. Detects open or sensitive admin areas of the site: Scans for sensitive areas on the sites, which ought not to be open to all. 14. Reverse IP domain check: Finds out all other domains hosted on the same server (the server on which the scanning domain is hosted).