Detecting and Resolving Web Vulnerability


Escape Technology recognizes the importance of security. In Escape Online 5, we use the .NET Framework security functions, encryption between the client and the server, encryption in the database, and roles and permissions in the software. We even have a dedicated mechanism for securing access to social security numbers.

We take the security of school business data seriously. So, when we began the development of our new Employee Online portal, we knew that we wanted the design of the web-based portal application code and configuration of the web server to have the highest possible level of security.

To that end, the Development Team launched an initiative to evaluate and procure a web vulnerability scanning tool. What is a web vulnerability scanner? It is a tool that performs an in-depth examination of a web site to reveal potential security risks and the attack vectors that could be used to exploit them. The tool also produces an actionable report with specific information on each risk as well as suggested remediation steps.

After testing and evaluating several of the top products in the web vulnerability scanning space, the Dev Team ultimately selected the Acunetix Web Vulnerability Scan (WVS) tool. The Acunetix product is one of the best WVS tools in the industry, with a WIVET (Web Input Vector Extractor Teaser) score of 96%, 4% higher than the IBM AppScan Standard product.

After procurement and licensing, the Acunetix product was immediately deployed into service. Web vulnerability scans are run nightly and the output reports are reviewed each morning to determine if web vulnerabilities are present. If any issues are detected, the Portal development team is engaged to research and address the issue.

Since the Acunetix tool was implemented during development of portal version 3.14.3, it has identified several potential security issues, each of which the development team has addressed and resolved. Over this iterative process, the development team has been able to eliminate all of the high and medium alerts detected. These vulnerability scans are, and will continue to be, an important and integral part of the portal software development lifecycle.