Quttera has introduced several new features in its Malware Scanner REST APITrack this API. Service architectures using published APIs have largely replaced bulky, monolithic applications, and cybersecurity is embracing this trend. They find that this approach gives them greater flexibility and scalability.
Quttera partners who use the API include managed security service providers (MSSPs), website management companies, web hosting companies, CERT authorities, and telecom providers.
Regular scanning of a site is necessary to detect malware and information theft. Networks need custom solutions to check their websites regularly and report problems to security personnel.
New API Features
The Quttera scanner API supports the malware scanning and blacklisting checks of a domain's entire website or specified pages. Behavior-based scanning discovers even previously unknown malware. Operations are asynchronous to optimize performance.
Blacklist publishers flag sites that appear malicious. Browsers that use these lists will warn users who access the sites, sometimes without the innocent site owner noticing. Quttera's blacklist checking warns owners if their sites have been reported as dangerous and allows them to address the issue promptly.
Augmenting these capabilities are two new feature sets: port scans and SSL certificate checks.
The port scan API finds all service access points which a server has made available. Configuration errors can inadvertently expose services and create unmonitored access paths. The API identifies all ports as open, filtered, or closed. A port scan lets the IT staff identify and correct these vulnerabilities, reducing the server's attack surface.
The SSL validation API queries a site to determine if it has a valid, signed SSL (aka TLS) certificate. It can verify the customer's site or another site that the customer relies on. The absence of an SSL certificate means the site does not support secure communication. It is vulnerable to man-in-the-middle attacks, forgery, and interception of confidential data. An invalid certificate may enable encrypted communication, but it does not prevent forgery. Expired and improperly configured certificates trigger browser warnings, driving many visitors away. Checking SSL certificates as part of a regular cybersecurity scan allows prompt correction of these problems.