Nova Security Stands For Peace and With the Palestinian People 🇵🇸
Search through FAQ
What is vulnerability scanning?
Vulnerability scanning is a process where an automated program is looking for vulnerabilities and security misconfigurations in your web application or network.
Usually, vulnerability scanners execute a predefined workflow to identify any exploitable vulnerability type.
Once a vulnerability scanner has found and verified a valid security flaw, it creates an alert and reports the finding accordingly.
What are false-positive results?
False positives are an incorrect indication of the presence of a vulnerability. For example, a vulnerability scanner may notify you of a Reflective Cross-Site Scripting (CWE-79) vulnerability available as it was successfully able to inject a payload in a document with a non-executable content type (like text/plain). However, the payload will unlikely work as the browser won't render the response as HTML.
We solve this issue by validating every vulnerability found before notifying you (so you don't have to get excited and later realize that it was for nothing).
What do you mean by false-positive free?
Most (vulnerability) scanners can contain false-positive results. We can easily remove them from your results as we pass them to our robust Validator Engine. A service capable of validating all types of vulnerabilities before determining their presence and exploitability in a real-world scenario.
How long does a full website security scan take with Nova Security?
This truly depends on how big and complex your web application or API is and your scan configuration.
Is Nova Security Scanner capable of scanning authenticated parts of my website?
Yes, we even encourage you to do so to uncover any hidden security flaws that may have had devastating effects if they're left untouched. You can set request headers (including the Cookie and/or Authorization header) when starting a new scan.
How often should I run a scan?
You can scan your web application as many times as you want.
However, we do recommend you at least scan your web application each time you push new code.
How does the scanner compare to other scanners on the market?
Throughout our years of experience as web app penetration testers and bug bounty hunters
We sometimes used third-party vulnerability scanners to automate some of our workflows, and it didn't work out well for us.
We had times when we found vulnerabilities while some vulnerability scanners just couldn't, even after pointing out where to scan.
This never allowed us to put our trust in vulnerability scanners. And we found that this should change.
Today, Nova Security is capable of finding vulnerabilities in various contexts, vulnerabilities that otherwise would've been left undetected by other scanners.
That is one key element that sets us apart from our competitors. It's our unfair advantage.
Will the scanner integrate with my current tooling?
Yes! We have an API in place for you to use in your development cycle.
This will allow your team to fully automate the vulnerability scanning process. Including the creation of support tickets on Atlassian JIRA, GitHub Issues, etc.!
Will Nova Security Scanner cause any disruption to my website or web application?
No. We give you the option to set a rate limit to not put excessive load on your server.
What happens with my private data?
Nova Security is a European-based business and we take privacy seriously. We do not process any of your private data for our own gains nor do we sell it to third-parties. One of our core values is "Privacy", and you will always have full control over your data.
Does Nova Security encrypt my data?
Yes, by default, your data is encrypted at rest (AES) and in transit (TLS).
We would love to hear from you! Reach out to us through our contact form