Cross-site Scripting - Scanning Service

Scanning Service

Some companies offer a periodic scan service, essentially simulating an attack from their server against a client's server to check whether the attack succeeds. If it does, the client receives detailed information on how it was performed and thus has a chance to fix the issues before someone else attempts the same attack. A site that passes a recent scan can display a trust seal. The scanner may not find all possible vulnerabilities, so sites with trust seals may still be vulnerable to new types of attack, but the scan may detect some problems. After the client fixes them, the site is more secure than it was before using the service. For sites that require complete mitigation of XSS, assessment techniques like manual code review are necessary. Additionally, if JavaScript is executing on the page, the seal can be overwritten with a static copy of the seal.
