Cross-site Scripting - Scanning Service

Scanning Service

Some companies offer a periodic scanning service, which essentially simulates an attack from their server against a client's site in order to check whether the attack succeeds. If it does, the client receives detailed information on how it was performed and thus has a chance to fix the issues before someone else attempts the same attack. A site that passes a recent scan can display a trust seal. The scanner may not find all possible vulnerabilities, so sites with trust seals may still be vulnerable to new types of attack, but the scan may detect some problems. After the client fixes them, the site is more secure than it was before using the service. For sites that require complete mitigation of XSS, assessment techniques like manual code review are necessary. Additionally, if JavaScript is executing on the page, the seal can be overwritten with a static copy of the seal.
