Originally Posted by ScannerX

No rain Phil21 but you do make a good point. Not properly managing a *nix server is the biggest problem we see. Many of our clients are either in a managed environment and think that the server is ?properly managing? or they are on dedicated server and don?t know what they don?t know. In either case what usually ends up happening is they get hacked/defaced and they are not sure how it happened or whom to blame i.e. this post. In a managed environment our clients often use us as a trusted third party to validate that their provider is doing their job correctly. In a dedicated environment our clients once again uses us to analysis their current security state, identify what holes need to be fixed, prioritize the fix implementation and then validate that the fix is in place.

As to false positives, of course they happen but we work diligently with our clients to eliminate the root cause. Additionally, our service includes a threat level editor so that if you find a false positive is popping up too much you can either lower the threat level or select to ignore it.

Finally, our service does find exploitable vulnerabilities remotely on hosts on a daily basis. These include OS-level and webapp level vulnerabilities. Because of the webcrawling feature we analysis and follow every link on a page for php, .net, asp and other vulnerabilities that could lead to SQL injections, xsite scripting and other exploits.

I?m happy to talk all day long about our services but I?m a firm believer that the proof is in the pudding. So, I offer everyone on this thread a test of our service for free. Shoot me an email, mpearson at scannerx.com, I?ll give you a free scan and if you still think I?m full of shit you?ll have the proof to back it up. Otherwise, if you find that what we offer is valuable that I hope you would convey that here as well.