Web applications are publicly available on the Internet. This provides hackers with easy access and allows attempts to hack the application. To protect websites of Academia Sinica against hacker attacks, Academia Sinica Computing Centre (ASCC) provides web applications scanning services by using the following vulnerability analysis tools:
- Armorize Codesecure
Armorize Codesecure is a static source code analysis platform that leverages third generation software verification technologies to identify web application vulnerabilities throughout development. It provides automated compiler-independent code analysis that models tainted dataflow within the application. Reports pinpoint vulnerable code locations and offer prioritized remediation guidance.
- HP WebInspect
HP WebInspect provides dynamic, black box testing of web applications to find "real" vulnerabilities. It can tackle today’s most complex web application technologies such as JavaScript, Adobe Flash, Ajax, and SOAP. It delivers fast scanning capabilities, broad assessment coverage and accurate web application scanning results.
- Macfee Foundstone
Macfee Foundstone accurately scans everything on network to uncover critical vulnerabilities and misconfigurations on operating systems, network devices, commercial applications, databases, wireless devices, and custom web applications. It can pinpoint vulnerabilities and policy violations with the highest level of precision, and help organizations to take the next steps to reinforce their defenses.
To get more information of Web Applications Scanning Services provided by ASCC, you are welcome to contact us via our Web-based Help Desk: https://itsdesk.sinica.edu.tw/ticket/ticket.php.