The certification process is completed in six steps. The first three steps are the audit itself, comprising Dynamic Port Scanning, Port-level Network Services Testing, and Web Application Testing. The fourth and fifth steps are alerts whenever are detected and remediation management using our extensive management portal. The result is highly effective, proactive security.
The Audit Process:
Step 1 - Port Discovery Scan:
The first phase of the audit is a thorough, interactive port scan of the target. Accurately determining which ports on an IP address are open is the crucial first step to a comprehensive security audit. Techrate's proprietary firewall and IDS/IPS aware network discovery technology is designed to accurately map out a network topology of any size or complexity. This is not a simple process.
Step 2 - Network Services Scan:
The second phase of the audit process thoroughly interrogates each service running on every available port to determine exactly what software is running and how it is configured. Once this information is acquired, it is matched to our Knowledge Base in order to launch additional application-specific and generic tests of each available service. These tests are based on our extensive knowledge base, which is updated every 15 minutes.
Step 3 - Web Application Scan:
The third phase is the Web application scan. It is Techrate's daily security audit. Traditional security mechanisms such as firewalls and IDSs provide little or no protection against attacks on your web applications. During this testing phase, all HTTP services and virtual domains are checked for the existence of potentially dangerous modules, configuration settings, CGIs and other scripts, and default-installed files. The web site is then deep crawled, including Flash-embedded links and password-protected pages, to find forms and other potentially dangerous interactive elements. These are then exercised in specific ways to disclose any application-level vulnerability such as code revelation, cross-site scripting and SQL injection. Both generic and software-specific tests are performed in order to uncover coding errors.
This three-phase approach to auditing enables us to perform more accurate audits with less load on your servers. It also enables us to run any single test or test phase on a target to detect changes, test specific ports, or run web-application-only tests on multiple web sites residing on a single server.
Step 4 - Alerting:
Alerts are configurable by user, device group, and severity level. They can be sent to any number of email-enabled devices such as cell phones and pagers. Between each daily audit, you also receive immediate, preemptive alerts when any new feature added to our knowledge base targets a specific device in your account. This significantly reduces exposure time between daily audits. Additional manual audits can be launched at any time. Manual audits can be configured to only retest current features for patch confirmation, or to conduct aggressive DoS and "full exploit" type tests.
Step 5 - Analysis and Remediation:
Interactive tools and wizards enable you to easily manage information. List to allow ranking by combinations of device groups, severity or effort-to-patch. Configurable device grouping allows expedited remediation planning, delegation and patch management. Complete, detailed and easy-to-follow patch instructions are provided within the management portal. The Hack Guard certification service also includes unlimited email or telephone technical support from certified security professionals. Whatever your question or level of expertise, our experienced staff is there to support you throughout the remediation process.
Step 6 - HACK GUARD certification:
Techrate's pending security auditing technology allows the Hack Guard mark to appear only when a web site's current security.