WebSAINT® Frequently Asked Questions

I ran the WebSAINT® scanner and the report indicated that I did not have any vulnerabilities. Did the software really do an assessment?
We have a firewall, and when I ran the WebSAINT® scanner, the report came back in a short period of time. No vulnerabilities were detected, which makes sense. Is there a way I can run the scanner inside the firewall?
The address which WebSAINT® says it's going to scan is not the address of my machine. Why not?
Will a WebSAINT® scan cause my network to crash?
Will WebSAINT® scan nodes on a Novell network? Other platforms?
Is WebSAINT® downloaded to my machine?
Is the scan being conducted over a secure line?
How can I be assured that the reports delivered to me are secure?
What are the "Top 20 Vulnerabilities"?
Which machine(s) will be scanned by WebSAINT®?

1. I ran the WebSAINT® scanner, and the report indicated that I did not have any vulnerabilities. My computer can't be perfect. Did the software really do an assessment?
A scan was run if you received the e-mail indicating that the scan completed. If you are a Windows client, there may not be any detectable vulnerabilities if the domain administrator credentials were not provided. Indeed, many workstations have no services (e.g., Web server, FTP server) at all. WebSAINT® checks the services on your computer that are available over the Internet.

2. We have a firewall, and when I ran the WebSAINT® scanner, the report came in a short period of time. No vulnerabilities were detected, which makes sense. Is there a way I can run the scanner inside the firewall?
The easiest way to scan a host behind a firewall is to ask your network administrator whether the firewall could be temporarily configured to permit all traffic from the WebSAINT® engine (www.saintcorporation.com) to the host or network being scanned. This configuration would need to be in place only while the scan is running. If a single host scan revealed many problems, the next logical step would be to run a network scan of multiple hosts and permit traffic from WebSAINT® to the Class C network.
If permitting traffic through the firewall is not an acceptable alternative, SAINT Corporation addresses the challenge of firewalls in other ways. Under a consulting service agreement, we will send a member of our Security Incident Group (SIG) staff to visit your site to perform assessments behind the firewall. For each Class C segment of your network, an assessment takes approximately four hours. Contact us for more information.

3. The address which WebSAINT® says it's going to scan is not the address of my machine. Why not?
Your computer may be situated behind a firewall which is performing address translation (a.k.a. address masquerading) where all machines behind the firewall are masqueraded as the firewall. This is a good thing from a security perspective, but it prevents WebSAINT® from being able to scan any machines on the protected network other than the firewall itself.

4. Will a WebSAINT® scan cause my network to crash?
When initiating a WebSAINT® scan, you will have the option of enabling or disabling dangerous checks. If this option is disabled, then WebSAINT® will not run checks which cause targets to crash.

5. Will the WebSAINT® scanner assess nodes on a Novell network? Other platforms?
All TCP services will be detected and analyzed, regardless of the platform.

6. Is the WebSAINT® scanner downloaded to my machine?
No. WebSAINT® performs the scan from our WebSAINT® server. No software is downloaded to your machine.

7. Is the scan being conducted over a secure line?
No. The scan simulates what a hacker could do. However, all payment information and results reports are encrypted with Secure Sockets Layer (SSL) via our secure server. If your Web browser supports it, we use strong 128-bit encryption.

8. How can I be assured that the reports delivered to me are secure?
A digital certificate held by Thawte identifies the saintcorporation.com SSL (Secure Sockets Layer) certificate to your Web browser. SSL is a widely used security protocol that provides data encryption, server authentication, and message integrity. The certificate is your assurance that your transaction is with saintcorporation.com.

9. What are the "Top 20 Vulnerabilities"?
The "SANS/FBI Top 20 Vulnerabilities" are the twenty most critical Internet Security Threats as determined by SANS. WebSAINT's Full, Overview, and Trend Analysis reports contain a column indicating whether or not vulnerabilities are in the top 20.

10. Which machines will be scanned by WebSAINT®?
The target IP addresses for your WebSAINT® scan are selected at the time you place your order. If your target list includes any hosts other than the one from which you place your order, you will be asked to submit a written, signed statement that you take responsibility for the target hosts and allow SAINT Corporation to conduct the scan.