Web-Security
With an external view of your web services, websites, IPs or your online store, you can detect weak points, configuration errors or performance problems within seconds.
Live monitoring of your web applications
Identify immediately where the most urgent action is needed to secure your website against cyberattacks.
The Observer stands for the “view from outside”. It examines what information can be gained simply by observing your endpoints from the outside, without having internal access to the systems. It virtually takes the view of a potential attacker and checks your system based on all available information.
Enginsight examines your websites, web services, IPs and online stores for the technologies behind them. Enginsight captures the respective frameworks, CMS systems, version numbers, certificates, encryption protocols and the resulting security vulnerabilities.
Thanks to intuitive ratings (A++ to F) you know immediately where the most urgent action is needed to secure your website / web applications against cyber attacks.
- Web applications (e.g. e-commerce, ticket systems...)
- CMS Systems
- Frameworks
- Code base (e.g. Java, PHP ...)
Based on the identified environment, Enginsight subjects the technologies to a CVE scan. This gives you an immediate overview of insecure and outdated technologies. If CVEs are detected on your website, you should take action and apply the appropriate updates.
The detection of security holes is based on the standards of OWASP. OWASP is an open community with the goal of supporting companies and organizations in developing secure applications.
- Alarm on new security gaps
- Determination of the CVSS v3 score
- OWASP Scan
The use of SSL/TLS is standard today in the communication between client and web server and is also legally required by the GDPR (DSGVO). However, not every encrypted connection is automatically secure. The check identifies obsolete protocols and encryption algorithms so that they can be eliminated.
The check is performed regularly according to the current status of known security vulnerabilities. In addition, your certificates are monitored for validity and expiration date.
For example, you will be alerted immediately if the certificate becomes invalid or the trustworthiness is no longer given.
- Certificate check
- Protocols (TLSv1.3, TLSv1.2...)
- Checking the ciphers
- Compliance with GDPR regulations
As a server or website operator, you define the conditions of HTTP communication between server and client by means of HTTP headers. The headers have a significant influence on the security of the connection. Enginsight checks whether you have set the HTTP headers correctly and provides suggested changes.
With the help of HTTP headers, you can significantly increase the security of your customers and website visitors with regard to security gaps such as XSS, clickjacking or terminal hacks.
- Strict-Transport-Security
- X-XSS-Protection
- X-Frame-Options
- Content-Security-Policy
The port scan checks any server for unnecessarily open ports and missing firewall settings. You will be alerted immediately if anything changes in the port configurations.
The port scan also shows which software communicates via which ports.
The detected software behind a port is directly checked for security holes.
- Detect open ports
- Identify vulnerabilities behind ports
- Security-Scoring
- Detect port status
Invasive security scan with automated pentests
In addition to the permanent monitoring by the Observer, you should subject your websites to an automated pentest at regular intervals. Simply use the Hacktor software component, which also uses invasive hacking methods.
- Cross-Site-Scripting
- SQL Injection
- File Inclusion
- Bruteforce
Product demo
Arrange a demo appointment today and we will show you how quickly you can get a grip on your company’s IT security.
Within 30 minutes you’ll learn how Enginsight can help you monitor all your IT, identify vulnerabilities and simulate hacker attacks. We show you how you too can increase the security status of your IT within the shortest possible time, and what really matters in day-to-day operations to relieve your IT staff while staying up to date.
FAQ - SHORT QUESTIONS, SHORT ANSWERS
Enginsight was developed according to the principle “Security by Design”. The IT architecture behind Enginsight has been tested many times and offers you the highest security as SaaS and on-premises. Please feel free to contact us for exact details on the IT architecture of the platform.
You can use the platform for 14 days free of charge or arrange a direct demo appointment with us. Here you can get further information.
The entire platform is ready for use within minutes in both SaaS and on-premises versions. All analyses run automatically, so that you receive a well-founded security audit without configuration effort as well as constant live monitoring of your entire IT.
After the test phase, Enginsight can be used as a cloud solution for as little as 10 euros per year (Enginsight GO). All SaaS prices can be found here. For an on-premises calculation please contact our sales department. Here the prices are calculated individually according to your IT size.