ScanAlert's "Hacker Safe" badge not so safe and PCI compliant
Written by DP
Monday, 21 January 2008
Security analyst Russ McRee, from Seattle, has posted on his blog why "Hacker Safe" certified websites are not so safe. He has presented proof against McAfee's statement about the service, which says of its web application scans: "the web site is then 'deep crawled,' including flash embedded links and password protected pages, to find forms and other potentially dangerous 'interactive elements.' These are then exercised in specific ways to disclose any application-level vulnerabilities such as code revelation, cross-site scripting and SQL injection..."