Jojja
03-21-2007, 03:03 AM
Just wondering if anyone here uses ScanAlert and if so maybe you can tell me what it does, apart from allowing their Hacker Safe logo to be displayed on your site.
I have tried to find out what they check and what results they generate but so far have been unable to find anything that justifies their pricing.
If you do use it, did it make a difference in conversion rates?
Are there any low cost website security scanners that I can buy and use to check my site manually?
Thanks
HostingFuze
03-21-2007, 03:20 AM
I talked with one of their reps for a while; they explained how they checked open ports on the server, network issues, and many other things with just one simple HTML/JavaScript code. I feel most of the money you are paying for this service goes towards the logo.
Ramprage
03-21-2007, 09:16 AM
They basically do a remote scan of the site/server to check for any issues. It doesn't do any type of internal server scan. To me this product is more of a marketing tactic than a security validation. Every bit helps in customers' eyes to reassure them that online orders are secure, so if using a seal means you'll get more orders then test the waters out and see.
kman2k
03-27-2007, 11:29 AM
People that knock the service most likely haven't used it. ScanAlert has a pretty extensive set of tests, and the entire suite runs about an hour and a half per server, more or less. They do some excellent XSS testing, although it's not comprehensive. However, it's very likely they will identify some holes in your scripts -- not always security related. For example, if your code doesn't correctly handle querystring or form values, you'll probably find that out.
I find it to be a very worthwhile service, and not because of the seal. They also have a "low traffic" pricing option that you may be able to get if you ask for it.
Funkadelic
03-27-2007, 11:43 AM
I think it's a waste of time; if you want to secure your server then hire a guy to do a security audit for $100 instead of paying them for a $300 service. Which in the end, if you don't know what you're doing, you'd have to hire somebody anyway to fix the security holes. Not to mention that it performs the same tests on every Linux distribution and Windows OS with all sorts of control panels and purposes. The information and recommendations it provides can be deadly if you don't know what you're doing.
The only reason I would see it being useful is to attempt to increase your signup rate. Even then the money would be better spent on getting a BBB Seal.
kman2k
03-27-2007, 05:41 PM
Of course you would think it a waste of time. Anyone who would rely on a $100 security audit isn't much interested in security. A one-time security audit is about as useful as seeing your doctor when you turn 21 and then never again. As I said, the only people who would find daily audits useless are those who have never used them.