HackerSafe - Seems like a crock of...
Posted: Thu May 31, 2007 11:24 am
Has anybody ever heard of HackerSafe? I see this seal all over the place, and to me it seems like a crock of crap. Do these people actually test your site for hacker... "safe-ness"? I have a feeling they do some automated checks and then issue you a seal. Whenever I see this seal I just feel like hacking that site just to spite the stupid seal. 
EDIT: Theory confirmed:
Web application testing is the third phase of ScanAlert's daily security audit, and perhaps the most important. According to analyst firm Gartner Group, an estimated 70% of all security breaches today are due to vulnerabilities within the web application layer. Traditional security mechanisms such as firewalls and IDS' provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs and other scripts, and default installed files. The web site is then "deep crawled," including Flash-embedded links and password-protected pages, to find forms and other potentially dangerous "interactive elements." These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection. Both generic and software-specific tests are performed in order to uncover misconfigurations and coding error vulnerabilities.

