Scanning Service
Some companies offer a periodic scan service, which essentially simulates an attack from their server against a client's server to check whether the attack succeeds. If it does, the client receives detailed information on how the attack was performed and thus has a chance to fix the issues before someone else attempts the same attack. A trust seal can be displayed on a site that passes a recent scan. The scanner may not find all possible vulnerabilities, so sites with trust seals may still be vulnerable to new types of attack, but the scan may detect some problems. After the client fixes them, the site is more secure than it was before using the service. For sites that require complete mitigation of XSS, assessment techniques like manual code review are necessary. Additionally, if JavaScript is executing on the page, the seal can be overwritten with a static copy of the seal.