On October 15th, CyStack Vietnam officially launched Web Security – an effective tool to scan and monitor websites and applications for cyber security vulnerabilities.
The rising demand of security for websites and web applications
In recent years, the demand for building an online business and digital transformation is rapidly increasing. Bringing your business to the internet, or building and distributing online applications are the inevitable trends in the current digital era.
However, according to website attacks reports made by CyStack and other cybersecurity companies, the number of cybercriminals and attacks on websites is increasing exponentially, causing heavy consequences for suppliers and end users.
Recognising the rising demand for web applications security, while current measures cannot meet the practical needs of many individuals and businesses, CyStack security engineers have researched the best cybersecurity methods for web application to solve this problem.
We realised that there is no better way to protect a website than manual security testing, which allows a team of cybersecurity professionals to assess that website and find its vulnerabilities. Website owners will be informed of these vulnerabilities thus fixing them early and reduce the chance of attackers attacking the website.
Nevertheless, the limitation of this method is that the implementation cost is usually very high compared to the total cost of a website nowadays. While web application development companies can easily perform quarterly security assessment projects, it is much harder for individual online businesses, or developers’ web applications projects that are still in the development stage. The cost for manual security testing is too high and not really necessary.
To solve those problems, we find ourselves facing 2 challenges. The first is how to build an effective website security tool which is comparable to manual security testing. The second is the cost for this approach must be affordable and accessible.
Attempt to research effective and affordable website security solutions
After one year of researching, CyStack officially launched Web Security, an effective vulnerability scanning and security monitoring tool for websites. Web Security has the ability to automatically simulate the manual tests of cybersecurity engineers, thereby protecting the websites better than other conventional tools.
If the websites or web applications do have vulnerabilities, website owners will receive an immediate alert with detailed information about the vulnerabilities which are threatening the websites. This information (including remediation recommendations) will be used to fix these vulnerabilities, making the website more secure.
The effectiveness of Web Security is evaluated based on the number of vulnerabilities it can detect and the speed of updating new vulnerabilities. To improve this, CyStack had built a dedicated team of security engineers tasked with monitoring the latest web and application vulnerabilities around the whole world, writing the exploits for those vulnerabilities and updating them into Web Security’s vulnerability database. With this, Web Security will be able to detect the latest vulnerabilities in customers’ websites and applications.
Web Security main features
- Vulnerability Scanning: OWASP is an important standard to follow when performing the security assessment for websites and applications. Web Security scans for OWASP Top 10 vulnerabilities and other known vulnerabilities with a daily maintained and updated vulnerability database. These vulnerabilities include detailed information and are categorized by multiple criteria such as severity, CVSS score, or location.
- Detecting subdomains and performing Vulnerability Scanning on them: This is a very important feature of Web Security. Normally an application development business can have many assets such as APIs, third-party web services for software development. If not carefully managed, these subdomains can be taken over by hackers and used as a weapon to attack the developer’s application. Thus Web Security automatically detects all subdomains and scans for their vulnerabilities.
- Server Security Monitoring: Despite being the biggest risk, security vulnerabilities are not the only threat in website security. Web Security provides the ability to continuously monitor SSL security certificates, open communication ports, blacklists or hacked website lists. Users will receive a warning immediately whenever a security incident occurs, thereby keeping the website and application in the best security state.
- Website and Vulnerability Management: Web Security’s visualised interface helps the process of monitoring the websites and currently open vulnerabilities easier. The filters enable users to quickly find the desired information and work more efficiently. In addition, Web Security allows marking a vulnerability as “fixed”, “won’t fix” (accepting the risk), or false positive.
- Professional PDF report exporting: Users can download the scan reports, including the detailed information that Web Security had discovered in the website or application; use the reports to communicate with their team for website vulnerability remediation.
- Integrating into collaboration softwares: Allow users to receive alerts about vulnerabilities and security incidents via multiple channels such as Email, Slack, Telegram.
Users’ cost is one of our top concerns. The cost of using Web Security must be lower than manual security methods and foreign softwares so that more people can access, thereby securing as many websites and applications as possible.
Therefore, we introduced the Quick Scan package, which allows pay-per-scan at the price of 199,000 VND per scan for developers and general users who want to protect their websites and applications. In addition, the Deep Scan package is designed with an unlimited number of scans, for start-ups in their early stages to continuously scan their applications at a monthly expense. The Monitoring package is tailored for businesses with application and server systems with many subdomains and APIs.
Users can flexibly choose packages and payment methods that most suit their needs.
To welcome new users, we are giving out 2 offers:
- Users can get a FREE first scan for their websites.
- Discount 10% for the first order, for the first 100 users. Discount code: “WSST100U”.
- The free scan is a Quick Scan and will be usable after a user has successfully verified their website.
- Please enter this Discount code in the Checkout page to claim the offer. The code is only usable for the first Order and only once per account.
Start a web security scan in 3 steps
Web Security can be accessed and used directly on any web browser (Chrome, FireFox, etc.) without any downloading at: web.cystack.net.
- Step 1: Go to web.cystack.net, register an account and log in.
- Step 2: Add a website and verify the website.
- Step 3: Start the scan and wait for the results.