Indusface FAQ: Comprehensive Answers

Get a free application, infrastructure and malware scan report - Scan Your Website Now

How can you subscribe to WAF premium without the manual application testing?

You can contact our sales team for customized licenses.

Do we offer SaaS mode of TAS for AWS? or It will be AMI mode only?

We offer only the SaaS model of WAF.

How to add multiple sites into Apptrana Advanced scanning? Is it possible?

Each URL needs to have a separate license.

Does our WAF provide Regex-based rule matching protection?

You can request custom rules for your sites' protection.

How to create a custom rule, are they available on our online tool?

For custom rules, you need to contact our team. (becauase after creating these rules, we test it, and then deliver it to you)

Do we provide multi-user access?

Yes, we have multiple user roles in our platform.

Do our security services use AWS WAF and Shield?

No, Apptrana is our proprietary product.

Do we conduct Load/Capacity test of web application?

No, we do not conduct load testing for any application.

What is the difference between blocked and logged attacks? - If it's in the logged category, Are you still protected?

Blocked Attack as it implies are blocked by the WAF while Logged attack are only logged-on and not blocked by the WAF.

Does indusface have SIEM tools?

Yes, we have SIEM tools.

What IP range does our WAF use?

Please reach out to support@indusface.com

What version of the OWASP rule set is followed by our WAF?

The latest version OWASP 2021.

Can Apptrana be used for the java stack technology?

Apptrana can be used irrespective of underlying application technology.

do you not have limitations about ports used in site

Custom rules are application specific that are designed after evaluating application

Who creates the custom policies in WAF?

Our support team creates them.

What is needed to start with the Advance or Premium plans? Is it only about changing the DNS, or any additional changes in code and on server side necessary?

No change in code required. DNS change and you are up and running./p>

How does our WAF manage with the letsencrypt SSL certificates ?

You can configure either your custom SSL or use our free SSL certificate./p>

What is the default file upload limit for different WAF gateways?

You can customize the file upload limit.

Can we integrate indusface WAF with SIEM?

Yes, you can.

Do you provide logging and reporting?

Yes, we provide logging and reporting.

Can you do a security audit here?

Yes, you can.

Do we provide source code audit scans as a service (SAST/DAST)?

We provide DAST.

I am looking for a company that will do white box testing including manual testing and automated testing based on OWASP including manual verfication - How do you price your services?

Please reach out to sales@indusface.com

Do we carry out PCI DSS ASV scans?

Yes, we do.

What is pricing of web application scanning ? And this is a scan only from the 'outside' or also on the webserver (there is only one) internally (as in I install something on the server as well)

We do application scanning as well as server scanning for that application.

At times it may happen that we have no URLs on the panel for scanning. In that case, if it remains like that for a month or more, what will be the monthly cost for the development agency?

Charges are based on - FQDN per month. /p>

Can a website using the Advanced plan be brought down to the Basic plan?

Yes, you can downgrade it.

Are we involved merely with the testing side and not the prevention side?

For application security "prevention" capabilities, you can buy our WAF Apptrana

What is the philosophy behind continual testing? My environments rarely change for these aps. We do a release about once a year.

Vulnerabilities are discovered on a daily basis which can be due to an OS or the third party services that you use. Hence, even though your application doesn't undergo frequent changes, it requires continuos scan.

Will our products slow your website traffic while scanning?

No, it will not. Also, we provide configuration to scan outside business hours

Can we do an authenticated web app scanning past a log-in page?

Yes, we can provide authenticated scans.

Is there a way to stop or pause the scanning?

Yes, you can pause or stop a scan.

Are we into VAPT testing?

Yes, we are a VAPT testing provider.

Do we perform penetration testing for web apps? How does the penetration test work? Is it all automated black box testing?

Pentration Test is performed by our manual Pentesting team.

Can we provide details for the manual penetration testing available with the product: "Total Application Security"

Please reach out to sales@indusface.com

Do we have any Red Team and tools for website protection?

Yes, we provide 24X7 protection to applications through our product called Apptrana

Do we provide any API service to scan for web application security?

Yes, API security scanning is provided.

Is there any way to exclude URI scanning?

Yes, you can whitelist any specific URL that you would not like to scan.

Do we provide any malware removal services?

No, we do not provide malware removal service. We scan for malware and alert you when detected.

Do we provide web application level public IP based pentesting?

We provide web application level pentesting.

Do you have on-premise web application vulnerability scanner?

We do not support on-premise scanning.

Are business logic vulnerabilities detected by your tools?

Our scanner is DAST scanner, so, any vulnerability that affects you will be detected accordingly.

What is the number of block rules offered in WAS?

WAS does not offer blocking capabilities.

What is FQDN?

Fully Qualified Domain Name

What brands of SSL Certificates are sold by us?

Entrust

Documentation on SSL offloading

Yes, we support it. Please refer to 9th Page of this document - https://www.entrust.com/-/media/documentation/whitepapers/sl19-1028-001_choosing-an-ssl-certificate_wp.pdf

Do we have the EV code signing certificate? What is the pricing?

Yes. Rs. 30,000 for 1 year and Rs. 60,000 for 2 years.

What about wildcard subdomain support?

Wildcard SSL certifiate uses * extension. It lets you encrypt unlimited subdomains.

Which certificate will support 4096 bit encryption?

All ENTRUST SSL certificate support 4096 bit encryption.

Do we provide SSL RSA + ECC Algorithm certificate?

Yes. Except the Standard SSL certificate, all Entrust SSL certificate support RSA and ECC algorithm.

Are you looking for OWASP audit for mobile apps?

Great, we will be happy to help you out. We support testing across multiple platforms including iOS, Android, Windows, Symbian, and BlackBerry OS.

How to scan a mobile app?

Indusface MAS (Mobile Application Scanner) provides a complete security assessment of threats that can be potentially exploited in mobile applications using a combination of automated tools, custom scripts, and manual security testing techniques.

Is our tool applicable just for testing websites or do we have a tool for testing android apps too?

Multiple platforms are covered including Android.

Is there any place to scan online mobile application vulnerabilities?

No, you will have to contact us and our team will guide with the audit process.

Can you scan your mobile app online with our site?