Gamasec’s web application vulnerability Scanning does automated search for security weaknesses in web applications and produces a detailed security report with recommendations for optimally matched solutions. GamaSec identifies application vulnerabilities ( e.g. Cross Site Scripting (XSS), SQL injection, Code Inclusion etc.. ) as well as site exposure risk, ranks threat priority, produces highly graphical, intuitive HTML reports, and indicates site security posture by vulnerabilities and threat exposure.

1. Website Applications can be vulnerable to over 20 different kinds
of attacks. Give your application the best defense with a
GamaSec Application Vulnerability Scan.
You Need - You’ve just finished off a great week. As you are about
to go home for the weekend, the phone rings. It’s your IT Team, and
they’ve discovered that someone has found a way into your web
application through your website, and is wreaking havoc to all your
work, and gaining access to all your corporate data. When you
deployed your web application, it was completely secure: what
happened?
Changing Security – Hackers & Intruders are finding new ways to
gain access to your web application through your website around the
clock. There are over 20 known families of attacks, and new
vulnerabilities are being found on a regular basis.
Stay Safe – With GamaSec Application Vulnerability Scans, you can protect your customer & corporate
data before it is attacked. The Scan is configured to your website and simulates real attacks based on a
continually updating repertoire of known vulnerabilities. A report will then be produced, detailing the
results along with the severity of the vulnerabilities, and recommendations for patches and fixes.
So Simple – Once configured to your site, the scan runs automatically on the schedule you set; and the
report is available for you via a control panel login.
How its work
A Web application scanner crawls the entire website, analyzes in-depth each & every file, and displays
the entire website structure. After this discovery stage, the scanner performs an automatic audit for
common security vulnerabilities, security breaches & risks which are validated against a continually
updated service database.
Once the vulnerability scan is
completed, GamaSec delivers an
executive summary report to
management and a detailed report
to the technical teams. Both
reports list the vulnerabilities
found, along with the severity
levels of each vulnerability as well
as appropriate recommendations.
Regular scans are beneficial, because as you make changes to your web server, you may be
inadvertently creating new vulnerabilities, whether you know it or not.

2. Features of the GamaSec Vulnerability Scanner
Tailor-made Application – GamaScan is not based on an existing vulnerability scanner. The GamaSec
service is a pure in-house development with real-time market adaptation. We can tailor your service
requirements and adapt to your strategic partnership’s needs.
Web Application Attacks Engine – GamaSec is the only company today that covers more than 20
web vulnerability application families with the capacity to create a tailor made attack. We can adapt to
any web site configuration and produce dynamic tests which will create relevant reports of online scan
findings.
Next Generation GamaSec – GamaSec is actively producing the next generation service & solutions.
GamaSec will be the first company online to offer scanning through user login, on web-form
authentication pages.
Automatic False Positive Prevention Engine – The number of configuration differences among Web
Server platforms creates a difficult environment to assess Web Application risks without responses that
are false positives. GamaSec effectively addresses this issue by creating dynamic false-positive filter
rules automatically without any manual interference. The sophisticated GamaSec proprietary hashing
system manages and inspect seven dynamically generated pages & includes them internally for
automatic rules generation.
Component-oriented Web Crawler and Scanner Engine - Web Applications are becoming more
complex everyday. Reverse proxies can obscure multiple platforms and technologies behind one simple
URL. The GamaSec Scanner will crawl through the Web Applications using a component-oriented
perspective. For every available component found, GamaSec explores its relationship within that
application and constructs customized and effective security checks.
Most Complete Web-Attack Signatures Database - Using the most up-to-date attack signature
database available, GamaSec can, with highest degrees of certainty, inspect your web server
infrastructure against threats. The ever varying signatures & risk factors from myriad technologies;
ranging from 3rd party software packages to well-known web server vendors and internal R&D
vulnerabilities, can all be processed by your GamaSec security team.
Simplify Setup and Operations - There is no need to add any special hardware or in-house experts.
Traditional network security management can be quite complex. By integrating an automated, web-
based security audit solution you solve a major business headache with the most elegant lowest-cost
solution. Any standard browser with standard TCP/IP communications permits you to run scans, view
findings, and implement recommended solutions.
Support HTTP Web Authentication Schemes - GamaSec supports the widest variety of HTTP
Authentication schemes, common HTTP protocol, BASIC, NTLM with abilities to analyze the broadest web
technologies; PHP, ASP.NET, ASP, etc.

3. Enhanced Report Generation for Scanning Comparison - GamaSec includes an internal report
creation engine. With enhanced features it provides the ability to create comparison and trend analysis of
your web applications vulnerabilities based on scan results generated over selected time periods.
The Benefits of GamaSec Automated VA (Vulnerability Assessment)
Regular use of automated, on-demand GamaSec VA will help you:
Accelerate repairs by ranking and prioritizing vulnerabilities, and linking you to validated
remedies. Time is critical when defending against high-speed digital attacks. An audit service that
discovers holes and ranks the severity of problems saves valuable research and repair time.
Provide dramatic operational cost savings for assessment and patch management. Compared to
manual testing and/or third-party quot;pen-testquot; consultants, automated Vulnerability Assessment offers
compelling savings in both time and money.
Reduce human error by double-checking actions of security staff with unbiased, reliable
auditing. Human beings make mistakes. Automated Vulnerability Assessment helps prevent security
errors by serving as an extra pair of eyes that never sleep. Running audits before and after installing new
hardware or software can ensure proper configuration and prevent vulnerabilities that have been
inadvertently introduced by security policy changes.
Simplify set-up and operations without adding special hardware or additional experts. Although
traditional network security management can be complex, using an automated, Web-based security audit
solution is simple. Any standard browser and standard TCP/IP communications allows you to run scans,
view reports, and download patches.
Monthly online reports. Automatic audit scans are pre-scheduled and performed on a Monthly basis.
Detailed reports, security configuration advice, and hotlinks to patches and problem fixes appear in your
report shortly after you complete a network audit. Instead of relying on a consultant's schedule, you can
assess your network defenses whenever & wherever you are.