
  • Patch Management

    • The core function of the product is to identify missing patches and updates on systems. A missing patch means the software is out of date and has a security flaw which could be used to compromise the system.

  • Application Security and CDN Security

    • The findings in this section identify flaws in web application code. Vulnerabilities discovered here could lead to a compromise of a database or defacement of a website. These types of findings are normally associated with the OWASP Top 10 vulnerabilities, such as Cross-Site Scripting or SQL Injection.

    • The Open Web Application Security Project (OWASP) is a 501(c)(3) worldwide not-for-profit charitable organization focused on improving the security of software.

Scanning Process

NormShield uses what is called Open Source Intelligence (OSINT) to gather information. As seen in the following diagram, a passive scan doesn't touch the target company's assets. Instead, we find all required data from the internet, including search engine caches, archive[.]org, internet-wide scanners, VirusTotal, PassiveTotal, hacker sites, paste sites, deep/dark web, etc.



How to get started

Please email cybersec@columbia.edu with your request, indicating your departmental affiliation and security contact email address.