Description:
ScanDo starts by doing a complete traversal of the website to be scanned. It follows every public link and even attempts some common paths. After the completion of the scan it goes back and assesses each page for a number of different vulnerabilities including parameter tampering, SQL injection, cookie tampering and a number of other common attacks. A complete scan of a reasonably sized web site takes about 20 min.
Strengths:
Supports NTLM and BASIC site authentication
PDF reports are easy to understand
Finds a large number of website vulnerabilities
Allows manual exploration of a website to ensure that your IP won't be banned.
Can set rules on the firewall based on what it finds in a scan to better scan the remote host.
Weaknesses:
PDFs take a long time to generate after scanning larger sites.
Target:
any website
Mitigation/Recommendation:
The best way to ensure that your site doesn't have any obvious security flaws is to run the tool on your site, fix the problems, and run it again. A sound knowledge of web security will be important for ensuring that your site is secure.
Price:
14,500 / year
29,000 perpetual
contact vendor for latest information
Penetration (6):
There are a lot of names out there when it comes to webpage security scanning. ScanDo doesn't have a large share of the industry yet but its increased speed and simplicity over the competitors should result in it being widely used in the future.
Simplicity (8):
The interface is extremely easy to use and the product takes limited setup out of the box. It can be installed and scanning in less than half an hour. Knowing how to use the vulnerabilities it exposes can often be a bit more complicated, but there are numerous tutorials out there explaining how each works.
Damage Potential (2):
The tool doesn't cause any damage on its own, but it reveals a wealth of knowledge that can be used to do any amount of damage to an unprotected website.