WebSAINT is a patented Cloud-powered application that enables the system administrator to evaluate the security environment of a single computer, multiple computers, or an entire network. Security auditors across the globe find WebSAINT valuable for examining corporate networks and associated information technology assets.
WebSAINT is hosted on the Web by SAINT Corporation at www.saintcorporation.com. It is based on the SAINTscanner®, SAINT Corporation's flagship product. When you use WebSAINT, SAINT Corporation protects your payment and scan results using the secure socket layer (SSL) protocol. In other words, the link between you and SAINT Corporation is secure.
While WebSAINT is geared primarily toward the security weaknesses of an enterprise's information technology infrastructure and PCI Scanning, a great deal of general network information also can be gained when using the tool—network topology, network services, and types of hardware and software being used on the network, to name a few.
WebSAINT conducts a scan of tcp, udp, and rpc services on either the customer's computer or subnet. When WebSAINT detects a service that has a history of possible security concerns, it performs a more detailed analysis. The results of the analyses are stored in a database for subsequent access through a secured Web browser.
WebSAINT performs many vulnerability tests and the default policy is the PCI ASV scanning template that requires:
- Vulnerability detection across operating systems, databases, Web applications, network devices, services, and more
- Full port scan of all 65535 ports
Vulnerabilities are stored according to severity and tagged with respective codes: red indicates the most critical vulnerabilities; yellow indicates areas of concern; and brown points to areas which may require further investigation by the system administrator.
WebSAINT includes an option for "dangerous checks." This option allows WebSAINT® to launch buffer overflow exploits and denial of service attacks which yield more definitive results.
WebSAINT uses SAINTwriter® software, which allows network administrators to design and generate vulnerability assessment reports quickly and easily. Customers can present the findings of even the largest network scans in an easy-to-read format. Nine default reports are available, including PCI Executive, PCI Compliance, and trend analysis. The trend analysis report option allows you to quantitatively analyze your remediation program. Reports can be easily exported to other applications like spreadsheets, word processors, and databases.
The following features allow WebSAINT's maximum versatility in a wide variety of environments:
- Flexible configuration options
- Firewalled environment capability
- Scan scheduling (immediate, one-time, daily, weekly, monthly)
- Windows domain authentication
- Optional dangerous checks
- HTML, PDF, CSV, XML or text reports
- No setup is necessary—runs on-line from the secure WebSAINT® server
WebSAINT operates superbly on any platform supporting a Web browser capable of SSL (128-bit encryption is recommended). Environments using the latest versions of Safari, Firefox, or Internet Explorer provide optimum operation.