External Vulnerability Testing

New web site monitoring station: Copenhagen, Denmark (2007-09-08)

The WatchMouse network of monitoring stations expands again, this time in Copenhagen, a another site monitoring station in Scandinavia, bringing the total number of checkpoints to 23.

The new checkpoint will appear automatically in your logs. You can also set one of the new checkpoints as the primary checkpoint in your monitoring settings.

The current status of the WatchMouse web site monitoring network can be found on the 'About' tab of the WatchMouse site.

Did you know? Hackers probe your servers for vulnerabilities between 5 and 170 times per week (2007-10-29)

Test your site now: Free 10 day / 10 external vulnerability testing trial

With a dramatic rise in malicious attacks, it is now critical to test your websites and servers for security vulnerabilities. Having the latest firewalls and Intrusion Detection Systems will not protect your organization if they (or the services behind it) are not kept up-to-date and configured correctly.

This means that verifying the security of your systems is not something you can do just once, nor should you check this just every now-and-then. New vulnerabilities are identified every day, exploits become available soon after it, and every change in your systems' configurations, however small, may open up new vulnerabilities. Having audited last week does not imply your systems are fine today!

The WatchMouse Periodic Vulnerability Scan is an affordable way to routinely check your company’s security external vulnerability testing. Utilizing the most up-to-date database of known vulnerabilities, WatchMouse’s identifies any security risks and provides you with the peace-of-mind that your web applications are being scrutinized from the perspective of a possible attacker.

Characteristics

WatchMouse offers Periodic Vulnerability Scanning with an outside - hacker's - view, with the following characteristics:

• Currently over 20,000 vulnerabilities are checked. Checks for new vulnerabilities are added on a daily basis.
• The frequency and the intensity of a external vulnerability testing can be tailored to your external vulnerability testing, and implemented immediately on our self-service website.
• Severe vulnerabilities can, depending on your preferences, initiate SMS (text) or paging alerts, giving you, or your webmasters, the opportunity to react quickly in case of new vulnerabilities.
• Extensive reporting is available for each external vulnerability testing, including pointers on how to fix vulnerabilities.
• WatchMouse's unique Vulnerability Scan Customer Console allows you to manage subsequent external vulnerability testings by inspecting differential reports and open issues, declaring vulnerabilities fixed, adding operator comments, etc.

Try now: Free 10 day trial!

Announcing two free contacts for all accounts and alerting via MSN and Jabber (2008-01-08)

WatchMouse starts the new year with a gift: we have added two contacts to all customer accounts for free.
Contacts are used for:

• alerts in case of errors as defined in your Performance Monitoring rules,
• alerts when new issues are found in your Vulnerability external vulnerability testings, and
• custom reports.

We also introduced two new alerting methods: Instant messaging with MSN (Windows Live Messenger) and Jabber.

If you have a Jabber or MSN instant messenger account, add it as a contact in your WatchMouse account and then use these contacts for alerting. Our favourite setup is an escalation group where at the first error an instant message is sent, then if the error persists, after 5 minutes this is followed by an email and/or SMS text message.

Redesigned WatchMouse site and new product plans (2009-12-24)

We’re pleased to announce the redesign and launch of www.watchmouse.com. The new site is faster, more responsive and designed to be much more intuitive. Don't take our word for it though, try it yourself and let us know what you think!

The changes:

• Clean, task-oriented design
• Faster page loads
• Improved main console for a better overview of your monitors and better access to the monitoring details
• New "dashboards" featuring related, grouped information and tasks
• A new dashboard selector on every page after you log in, just below the search field

We’ve also introduced chat support. You can now chat directly on the site whenever the support team is online (normally 8 AM to 8 PM Central European Time or GMT+1).

Stay tuned for even more usability improvements and additional features coming up in Q1 of next year!

New Product Plans

You asked and we listened! We’ve received many requests for expanded plans, and also for a slimmed down plan for personal use. Additionally, the functional test (scripts) we introduced last year have become very popular, so we decided to add these tests in all professional packages.

The changes:

• We added functional tests to the Webmaster and Corporate plans, plus a one-minute monitor in the Corporate plan - all at the same price
• Two new professional plans have been added: the Enterprise Plan with 100 monitors (including 20 functional tests) and the Multi-Site Plan
• The Gold Plan that included 10-minute monitors only, has been discontinued, however current customers can still continue to use this package
• All Professional Plans now include complementary vulnerability external vulnerability testings to verify that your site and server is safe
• Lastly, we added the Personal Plan, a cost-effective plan for small sites, and we beefed up the free, Lite Plan so it now checks at 20-minute intervals

Full details can be found at: http://www.watchmouse.com/compare_plans.php

Take a look at the new WatchMouse website and give us your feedback. Bear in mind we’re still adding content and polishing the edges, but we'd be delighted to hear your thoughts and comments!

Happy holidays!

Stan P. van de Burgt

CEO

WatchMouse

P.S. You may find an occasional English word in the non-English sites. Please note that these will be replaced within the next few days.

LB Icon chooses WatchMouse for independent website monitoring (2005-01-31)

Customer websites verified from the visitors' perspective

LB Icon and WatchMouse have signed a contract for the continuous monitoring of the websites and services of LB Icons' customers. Using the WatchMouse services, LB Icon expects to raise its service level even higher.

The Application Management & Hosting Services (AM&HS) group of LB Icon maintains the administration and management of servers and applications of a large number of (international) clients. This makes AM&HS responsible for the performance and availability of the websites and Internet applications.

Using the WatchMouse services, AM&HS will instantly be aware of upcoming and/or acute incidents related to the websites of its clients, and can, as a result, resolve problems in a short time frame.
The websites and their functionality are checked for accessibility, speed and conformance from different locations around the world. Because the websites are checked in the same way that visitors are experiencing them, incidents will be detected at an early stage. Also, using WatchMouse's objective periodical reports, it is possible to see if the performance is in accordance with the agreed service levels (SLAs).

Eveline Aendekerk, MD a.i.: "The door of a shop should never be jammed, websites and the functionality on those sites should simply be accessible and available. Our clients should be able to rely on this completely, so they can focus on their primary business processes, such as communication, interaction and sales.
We chose WatchMouse because of their expertise, and also because of the simplicity and user-friendliness of their system and services".

Stan P. van de Burgt, one of the founders of WatchMouse: "I find it a powerful gesture that LB Icon doesn't just monitor the websites of their clients, but that they selected an external party for this, and on top of that give their clients access to the results. Many companies where the website plays an essential role in business, don't have any awareness of this. They have no idea of the external vulnerability testing and the resulting damage, until the day comes that things actually go wrong"

About Lost Boys

For 11 years Lost Boys has been a major service provider in the area of (mobile) Internet. Lost Boys offers a combination of strategy, design, technical development, implementation, application management and hosting of Internet- and mobile solutions. The Amsterdam based corporation is part of the Lost Boys/IconMedialab Group and is listed on the Stockholm Stock Exchange and Euronext Amsterdam. Lost Boys operates with 600 employees in 7 countries, both in Europe and the United States.

http://www.lostboys.nl/
http://iconmedialab.com/

About WatchMouse

WatchMouse is a service of RoundZero. Since 2001, WatchMouse has been checking Internet sites and e-commerce applications of major companies all over the world. The WatchMouse services are available in 8 languages and analysis is performed through its worldwide monitoring network at different locations and networks. WatchMouse has thousands of users in more than 70 countries.

http://www.watchmouse.com/

Very impressive feature set and has a real commitment to client care (2010-01-13)

With many hundreds of business clients who expect and deserve over 99.99% uptime, in the instances where we do have service external vulnerability testing, WatchMouse alerts us promptly - every time. This allows us to minimize the impact of downtime and interruptions to our clients. WatchMouse isn't just another monitoring service, the team is dedicated to building on an already very impressive feature set and has a real commitment to client care

Michael Bloch, Business Operations Manager, ThinkHost, Inc.

WatchMouse's Website Performance Benchmark enables us... (2010-01-13)

WatchMouse's Website Performance Benchmark enables us to confirm on behalf of our clients, any suspected access external vulnerability testing in addition to showing the overall performance compared to the benchmark in our client's sector.

Managing Director, Red Dog Communications

phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities (2009-07-24)

phpDirectorySource is prone to an SQL-injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data.

Exploiting these external vulnerability testings could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mozilla Firefox/Thunderbird Double Frame Construction Memory Corruption Vulnerabilities (2009-07-24)

Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities.

An attacker can exploit these external vulnerability testings to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document them.

IBM Tivoli Identity Manager Session Fixation Vulnerability (2009-07-24)

IBM Tivoli Identity Manager is prone to a session-fixation vulnerability.

Attackers can exploit this external vulnerability testing to hijack a user's session and gain unauthorized access to the affected application.

Tivoli Identity Manager 5.0 is affected.

Mozilla Firefox/Thunderbird JavaScript Engine Memory Corruption Vulnerabilities (2009-07-24)

Mozilla Firefox and Thunderbird are prone to multiple remote memory-corruption vulnerabilities that affect the JavaScript engine.

An attacker can exploit these external vulnerability testings to corrupt memory on the affected computer and run arbitrary code in the context of the user running the affected application. Failed exploit attempts will cause denial-of-service conditions.

These vulnerabilities were previously covered in BID 35758 (Mozilla Firefox MFSA 2009-34, -35, -36, -37, -39, -40 Multiple Vulnerabilities) but have been assigned this record to better document the external vulnerability testings.

RaidenHTTPD Cross Site Scripting and Local File Include Vulnerabilities (2009-07-24)

RaidenHTTPD is prone to local file-include and cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. These external vulnerability testings affect the WebAdmin component.

An attacker may leverage the cross-site scripting external vulnerability testing to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks.

Exploiting the local file-include external vulnerability testing allows remote attackers to view and subsequently execute local files within the context of the webserver process.

RaidenHTTPD 2.0 build 26 and prior versions are affected.

Article in the Dutch magazine Quote (2006-06-23)

Some nice coverage of WatchMouse today, the July external vulnerability testing of Quote, a monthly magazine for and about rich people, and those who would like to be.

The article is on the "smartest and most successful companies of this moment", and WatchMouse is one of the 15 listed. The article is in print only. See www.quotenet.nl.