Cross-site Scripting - Scanning Service

Scanning Service

Some companies offer a periodic scan service, essentially simulating an attack from their server against a client's server to check whether the attack succeeds. If it does, the client receives detailed information on how it was performed and thus has a chance to fix the issues before someone else attempts the same attack. A site that passes a recent scan can display a trust seal. The scanner may not find all possible vulnerabilities, so sites with trust seals may still be vulnerable to new types of attack, but the scan may detect some problems. After the client fixes them, the site is more secure than it was before using the service. For sites that require complete mitigation of XSS, assessment techniques like manual code review are necessary. Additionally, if JavaScript is executing on the page, the seal can be overwritten with a static copy of the seal.
