Saturday, July 3, 2010

Number of connection errors

Hello All

We are constantly adding new features to our scanner. This time we would like to discuss our new feature that is important for all ZeroDayScan users. Our new reports contain a number of connection errors printed in the report summary. For example take a look at the following print screen.

This connection error number specifies number of cases when our web security scanner had a problem performing a web site assesment request. If this number is big, it means more connection errors and as a result not all pages are scanned. It can happen due to a number of reasons. For example:

- Some website these days are protected using different web application firewalls (WAF). If this WAF solution detects a number of assessment attacks coming from the ZeroDayScan server, the original IP can be blocked after few assesment attempts.
- Some web applications have build-in flood protection. For example Joomla CMS has one. If the number of requests coming from the same IP is too big, this IP will be blocked.
- Hosting companies are running network Intrusion Prevention Systems (IPS). If an IPS solution detects port scan coming from ZeroDayScan IP address, the original IP can be blocked.

Most important thing to note is that we are working on a mechanism that will eliminate all connection errors. Our new version will be released soon. Stay tuned...

Best regards,
ZeroDayScan team

No comments:

Post a Comment