Thursday, October 18, 2007

ScanAlert, Hacker Safe?


Yesterday, I heard from my colleagues that we would be joining forces with ScanAlert, and I was really puzzled by the move. I was asking myself whether ScanAlert is really Hacker Safe. Are they really that good with their scanners? Did they use open source scanners and customize them as their own? Are those clients they have really safe from hackers? Can I say that if I use ScanAlert's service to scan my website or network, I will be safe from hackers? There are a lot of questions in my head, and I think ScanAlert has a good way of doing marketing. They make every customer insert their logo onto their own site, which provides more visibility for ScanAlert's service. Well, it is good from a company point of view because they are recognized and make money out of it; however, that doesn't mean that by using their service, I will be free from attackers. Not long ago, I remember members of sla.ckers.org posted XSS vulnerabilities on their site. So can I say that if I can find XSS on their site, their scanners are shitty and they are still Hacker Safe? I don't know, just my 2 cents' worth. Anyway, I managed to dig out the XSS vector that was injected at their site some time ago; however, they already patched it.

https://www.scanalert.com/SignUp.sa?act=step1&oc=%27%29return+0%3B%7Dalert%280%29%3Bfunction+blah%28%29%7Bif+%280%29%7B%2F%2F

https://www.scanalert.com/SignUp.sa?adds106=2&act=step3&company.name=touchme%22%20onmouseover=%22alert('Hacker%20Safe?');%22

The Hacka Man
