
Hackersafe Sites Are Likely Targets For Exploitation

There has been an interesting trend on the forums as of late. HACKER SAFE© sites are being targeted to identify the vulnerabilities in them. Ultimately the type of vulnerability assessments performed by Scan Alert has been essentially proven to be ineffective at the 99% rate that they claim. I know I’ve written about this before, but this time the name of a security watermark is being used as an effective method for finding vulnerable websites. That’s right, the people on the forum are inventing Google Dorks to locate sites that bear Scan Alert’s watermark, as they are probable targets for exploitation.

Not many security companies have the distinction of a testing methodology so flawed that their own service is being used as a method for finding vulnerable websites, the same websites they certify as being 99% safe, according to their website.

According to Scan Alert they help companies convert 14% better with their logo (thanks to Kyran for the link). Clearly the marketing aspect is worthwhile, even if it makes your company an even larger target to hackers. I encourage anyone using Scan Alert to hire a professional to do a real vulnerability assessment based on the results from the forum and ditch the logo before it makes you an even larger target to the people you are claiming to be safe from.

7 Responses to “Hackersafe Sites Are Likely Targets For Exploitation”

  1. id Says:

    I wonder if having the logo makes them even less likely to have secure code. With an outside vendor giving validation to flawed code, it is less likely to be re-examined by the site coders; after all, Scan Alert said it was ok…

  2. Apnovi Says:

    I think you might be right there, if some security site from outside has already supposedly validated the code and given it the all clear…then some developers may be inclined to leave it be. Hey, it’s always good to have a second opinion or even a third, but let’s not get them from Scan Alert…lol

  3. RSnake Says:

    I’d like to amend my statement after having thought about this quite a bit more. Given the increase in revenue attached with a well placed HACKER SAFE© logo, I think it is a good idea to place it on your site. Who doesn’t want an additional 14% in revenues? However, I don’t think it is a wise thing to do until you have had a chance to have your site professionally manually verified first. The last thing you want to do is jeopardize your corporate security and your additional 14%. That is an investment and it should go towards something.

  4. ünal Says:

    hehehe

  5. maluc Says:

    and that’s 14% more customer accounts for a hacker to steal. Everybody wins ^_^

    -maluc

  6. James Says:

    I got a second opinion from a different scanning place called Hack Resistant and got a more affordable seal. I suggest you don’t waste your time and pay $1800. :)

    James

  7. Can you hear the vendors blogging? at PCI and Data Security Compliance Says:

    […] to address the ha.ckers.org issue that started in the Washington Post. The ha.cker.org site outed ScanAlert and ControlScan as not properly addressing cross-site scripting issues. I give many kudos to Aaron […]