Web Application Security

N-Stalker Web Application Security Scanner Listing updated: February 29, 2008

N-Stalker Web Application Security Scanner 2006 is a web security assessment tool that incorporates the well-known N-Stealth HTTP Security Scanner and its 35,000 Web Attack Signature database, along with a Component-oriented Web Application Security Assessment technology, which is capable of sweeping your Web Application for a large number of vulnerabilities common to this environment, including Cross-site Scripting and SQL injection, Buffer Overflow and Parameter Tampering attacks and much more.

  • Users' Rating: 4.29 [28 votes]

dotDefender Listing updated: December 6, 2007

dotDefender secures websites from a broad range of HTTP-based attacks, including Session attacks (Denial of Service), Web application attacks (SQL injection, Cross-site scripting, Schema crawling, XPath injection, XPath XSS and known attack signatures), as well as requests originating from known attack sources (spammer bots and compromised servers). dotDefender installs on the Web server along with a predefined, configurable rule-base, thus enabling it to secure the Web environment from the moment it is deployed, with virtually no administrator intervention. A 30-day evaluation version is available for download.
  • Users' Rating: 4.25 [12 votes]

ScanDo Web Application Scanner Listing updated: March 7, 2005

The ScanDo Web application scanner allows the enterprise to conduct ongoing risk assessments to identify the vulnerability of Web applications to hostile attack. It identifies security weaknesses in the Web applications environment and helps eliminate them before they are exploited by hackers and thieves. It scans Web application technologies, including Flash, JavaScript, ASP, XML and Web Services. ScanDo offers control of both automated and manual scanning as well as the ability to replay discovered vulnerabilities to conduct in-depth analysis.

It supports a database for all scanning results with Web reporting for centralized management, and it provides privacy through detection of Social Security and credit card numbers. ScanDo offers a three-stage process for application risk assessment. First, it explores the entire Web application environment and registers its structure and contents. Then it mimics actual hacking methods to identify and uncover the details of any point that is susceptible to attack. In the third stage, ScanDo outputs all scan results into reports that show how to eliminate vulnerabilities.
  • Users' Rating: 4.18 [11 votes]

Acunetix Web Vulnerability Scanner Listing updated: February 29, 2008

Acunetix Web Vulnerability Scanner tests the security of your website by crawling through it and launching popular attacks such as cross site scripting, SQL injection and more. Identify vulnerabilities in shopping carts, forms, secured areas and other web applications before hackers do! 75% of internet attacks are on web based applications!

  • Users' Rating: 4.18 [17 votes]

Sandcat Suite Listing updated: August 5, 2005

Sandcat is a tool for managing the risks associated with web-based deployments and applications. Using Sandcat as a part of a complete security initiative allows organizations to ensure regulatory compliance and to minimize their risk posture. Sandcat is a set of tools that lets you secure several different web applications. You can use Sandcat to secure web servers, application servers, and web application environments that are susceptible to a growing variety of preventable attacks, including buffer overflow, parameter tampering, cross site scripting, unauthorized access, and other remotely-triggered attacks.
  • Users' Rating: 4 [17 votes]

SecureIIS Web Server Protection Listing updated: July 5, 2006

Web servers provide a portal to your internal network, so they require a more formidable and customized level of protection above and beyond what network firewalls or IDS can provide. SecureIIS provides web server security for the Microsoft IIS platform, with Windows server firewall protection from both known and unknown vulnerabilities. SecureIIS works within the IIS web server, actively inspecting all incoming requests at each stage of data processing to prevent potentially harmful network traffic, whether encrypted or not, from penetrating your server. Even the security needs of unpatched web servers are addressed, and those servers are protected from potentially damaging "known" and "unknown" attacks. Unlike intrusion detection systems or server firewalls that rely on signature databases to determine if an attack is taking place, SecureIIS provides web server security against entire classes of attacks, without the resource drain of constantly updating signature attack profiles.
  • Users' Rating: 3.67 [21 votes]

VForce Listing updated: February 29, 2008

VForce is a web application security scanner that simulates attacks for the purpose of testing and analysing a web application for security weaknesses. Like other tools, it scans for buffer overruns, manipulation of HTTP requests, brute force vulnerabilities, etc.

  • Users' Rating: 2.83 [6 votes]

LockoutGuard Listing updated: June 19, 2008

LockoutGuard from Collective Software augments the capabilities of ISA 2006 to allow a “soft lockout”.

LockoutGuard can be configured to start denying authentication attempts before the AD lockout limit is reached. This acts as an additional tier of “lockout security”, safely locking the account out of the extranet. During soft lockout of a user's account, password guessing on the extranet will fail since LockoutGuard is blocking authentication attempts for that account. Even during this soft lockout, the user account can still be logged in from inside your LAN, or over a VPN. Thus, the DoS potential is substantially controlled, with minimal inconvenience.
  • Users' Rating: no votes

PageGuard Listing updated: June 19, 2008

PageGuard from Collective Software augments the capabilities of ISA 2006 to allow HTTP site publishing with HTTPS authentication. PageGuard integrates into ISA to solve protocol redirection without resorting to scripts or other changes on your web servers.

PageGuard can protect the authentication dialog on a dual HTTP/HTTPS listener and require login over HTTPS, without requiring all parts of the site to use HTTPS. PageGuard can specify certain publishing rules, URLs, and/or file extensions that should always be served over HTTPS. This flexibility allows you to protect certain content or pages, such as sensitive documents and secondary login forms of your internal servers that should be served over HTTPS when being transmitted over the Internet. PageGuard can also specify certain publishing rules, URLs, and/or file extensions that should always be served over HTTP. This allows you to “force” connections to go to HTTP after authentication is completed, or after an HTTPS page has been viewed.
  • Users' Rating: no votes
