Products found: 18
Acunetix Vulnerability Scanner
- Detects over 4500 web application vulnerabilities.
- Scan open-source software and custom-built applications.
- Detects Critical Vulnerabilities with 100% Accuracy.
- DeepScan Technology – for crawling of AJAX-heavy client-side Single Page Applications (SPAs).
- Industry’s most advanced SQL Injection and Cross-site Scripting testing – includes advanced detection of DOM-based XSS.
- AcuSensor Technology – Combines black box scanning techniques with feedback from its sensors placed inside source code.
- Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.
- An easy to use Login Sequence Recorder that allows the automatic scanning of complex password protected areas.
- Review vulnerability data with built-in vulnerability management. Easily generate a wide variety of technical and compliance reports.
AppSpider
BitDam
- Close to zero latency – With minimal email latency of just a few seconds, end-users will not notice any change. With BitDam, they’re safe to click everything that lands in their inbox.
- 2-click integration – Pre-built APIs enable a (literally) 2-click self-service deployment through the BitDam portal, which applies to all mailboxes in the organization.
- Fast and easy deployment – No MX record change is needed, no hassle to your IT team.
- Intuitive dashboard – Your SOC team can view email subject and recipients through the BitDam dashboard, making tracking and investigating attacks simple.
- Email body and clean files are never saved – BitDam scans the entire email including links and attachments, but doesn’t save it unless malicious.
- Quarantine malicious emails – Malicious emails are automatically quarantined, allowing the SOC team to investigate, delete or release them as needed.
- Visibility to other security checks – As a SOC team user you can see what basic security checks each email went through. This includes anti-spam, SPF, and DMARC checks.
- Cloud Storage
- Instant Messaging
CAST Application Intelligence Platform (AIP)
Checkmarx Static Application Security Testing (CxSAST)
Contrast Security Contrast Assess
Faraday Platform
Plugins
You feed data to Faraday from your favorite tools through Plugins. Right now there are more than 70 supported tools. There are three Plugin types: console plugins, which intercept and interpret the output of the tools you execute; report plugins, which allow you to import previously generated XMLs; and online plugins, which access Faraday's API or allow Faraday to connect to external APIs and databases. Supporting output from more than 70 tools, Faraday Platform centralizes all your efforts and gives sense to your main objectives. Providing powerful Automation Technology, it helps you reduce your findings’ life cycle by prioritizing actions and decreasing the exposure time of your assets, promoting collaboration by allowing big and small groups of people to work together. Plus, get deep insight on all your projects with just a couple of clicks.
Key features
- Custom Implementation. No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes.
- Flexible Integrations. Import output or results from 3rd party tools and synchronize your ticketing systems (JIRA, ServiceNow) and security enhancements (2FA, LDAP).
- Workflows. Implement custom events by triggering actions or vulns' content in real time.
- Deduplicate Vulns. Faraday's Global Vuln KB allows you to customize descriptions and apply them accordingly.
- Agents. Define and execute your own actions from different sources and automatically import outputs into your repository.
- Scheduler. Automate repetitive Agents' actions and check results on your Dashboard.
- Graphics. Get a visual representation of all your findings with just one click.
- Faraday Client. Solution’s shell allows you to upload results while pentesting actively.
- Methodology and Tasks. Set up your own strategy, assign tasks to users for each phase and easily follow them up.
Choose the plan that best fits your needs
Community
Faraday supports the InfoSec Community around the globe by offering a free open source version that improves on daily workflows.
- Feed data to Faraday from your favorite tools
- Divide projects by your own rules
- Customize your instance
- Easily identify and sort your database
Craft and export projects using your own templates
Plan ahead and keep track of your goals
- Prioritize actions, decreasing exposure time for your assets
- Adapt strategies to customize every phase of your projects
- Integrate everything!
IBM Security AppScan Standard
- Identify and fix vulnerabilities. Reduce risk exposure by identifying vulnerabilities early in the software development lifecycle.
- Maximize remediation efforts. Classify and prioritize application assets based on business impact and identify high-risk areas.
- Decrease likelihood of attacks. Test applications prior to deployment and for ongoing risk assessment in production environments.
Immunity CANVAS
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Single Installation License
- includes one year of our standard monthly updates and support
- unrestricted (no target IP address limitations)
- full source code
Supported Platforms and Installations
- Windows (requires Python & PyGTK)
- Linux
- All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
Architecture
- CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.
Documentation
- all documentation is delivered in the form of demonstration movies
- exploit modules have additional information
- currently over 800 exploits
Payload Options
- to provide maximum reliability, exploits always attempt to reuse socket
- if socket reuse is not suitable, connect-back is used
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
- bouncing and split-bouncing automatically available via MOSDEF
- adjustable covertness level
Exploit Delivery
- regular monthly updates made available via web
- exploit modules and CANVAS engine are updated simultaneously
- customers reminded of monthly updates via email
Exploit Creation Time
- exploits included in next release as soon as they are stable
Effectiveness of Exploits
- all exploits fully QA'd prior to release
- exploits demonstrated via flash movies
- exploit development team available via direct email for support
Ability to make Custom Exploits
- unique MOSDEF development environment allows rapid exploit development
Product Support and Maintenance
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
- minimum monthly updates
Development
CANVAS is a platform that is designed to allow easy development of other security products. Examples include DSquare's D2 Exploitation Pack, Intevydis' VulnDisco, Gleg's Agora and SCADA.
CANVAS Early Updates Program
Immunity CANVAS is heavily QA'd and on a monthly release cycle, however a select number of Immunity's clients rely on up-to-the-minute vulnerability information as Immunity produces material. Immunity is often first to market with new exploits and proof of concept exploit code following "Microsoft Tuesdays". Until they are included in the next reliable monthly release of CANVAS Professional, these codes are available through the CANVAS Early Updates program. This code is often proof-of-concept early research, however its early availability allows our research team to share its results as soon as it is produced. CANVAS Early Updates customers include IDS vendors, vulnerability assessment vendors, and professional services organizations. End-users are provided with an increased level of confidence in our subscribers' products as they are able to verify protection or existence of a new vulnerability within hours of its announcement.
Micro Focus Fortify on Demand
PatrowlSecOps
PatrowlManager is the front-end application for managing the assets, reviewing risks in real time, orchestrating the operations (scans, searches, API calls, ...), aggregating the results, relaying alerts to third parties (e.g. incident response platforms like TheHive, Splunk, ...) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances. Don't forget to install and deploy them ;)
Peach API Security
Be A Hero. Every Day.
Peach API Security acts as a man-in-the-middle proxy, capturing data sent from your traffic generator and the test target. Once captured, this data is fuzz tested using the company’s advanced automated web API security tool. Peach API Security makes testing a breeze. It provides meaningful data so your development team can prioritize vulnerability fixes.
How It Works
Peach API Security performs a series of security checks against your web APIs based on requirements laid out in the OWASP Top-10. By leveraging the automated testing that your development team already performs (i.e. unit tests), Peach intelligently executes a series of fuzz and passive security tests. Once configured, interactions will primarily occur through your existing build-system interfaces. REST, SOAP, and JSON RPC web APIs are all supported. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Leverage the power of Peach for your DevOps team. Finding vulnerabilities earlier in the product development lifecycle saves you time, money, and reputation.
CI Integration
Peach was designed to seamlessly integrate into your existing CI systems. Implemented as a step in the build pipeline, Peach blocks deployment of builds that are not secure. The results of Peach’s security tests are returned to the CI system, ensuring developers don’t have to exit their current build tools.
Testing Profiles
Configurable testing profiles allow you to balance the depth of testing with the time available to test.
Common profiles include:
- Quick – Quick testing without fuzz testing, ideal for immediate results
- Nightly – Quick testing with fuzz testing, ideal for nightly builds and quick results
- Weekly – Complete testing, ideal for major product releases and complete test results
GENERATING TEST CASES
Peach API Security acts as a man-in-the-middle proxy, capturing traffic created by your existing automated testing. Once captured, this data is fuzzed by Peach and sent to the test target. Integrations with popular automated testing frameworks make capturing traffic easy. In addition, custom traffic generators using REST API, Java, .NET, and Python are all supported.
SECURITY TESTING AND COMPLIANCE
Peach API Security is a comprehensive testing tool that tests against the OWASP Top-10 and PCI Section 6.5.
REPORTING
Comprehensive test results empower development teams to mitigate security weaknesses. Vulnerability data is automatically returned to your CI system. Faults are treated similarly to automation failures, blocking the release of a non-secure build. This enables developers to focus on fixing code, rather than making security decisions. Each vulnerability includes actionable data including:
- Fault Message Data – Used to efficiently find and mitigate vulnerabilities
- OWASP Mapping – Identifies which OWASP Top-10 requirement failed
- Exploitability Difficulty and Impact – Helping your team prioritize vulnerability fixes
Qualys Web Application Scanning (WAS)
- Comprehensive protection
- Clarity and control
- App dev hygiene
- Broad threat coverage
Swascan Platform
The First Cyber Security Testing Platform
What is Swascan?
The platform allows you to identify, analyze and solve Cyber Security vulnerabilities and critical issues discovered on business assets. The first cloud-based suite that allows you to:
- identify
- analyze
- solve
Vulnerability Assessment
The Web App Scan is the automated service that scans for web vulnerabilities. This service identifies security vulnerabilities and criticalities of websites and web applications. A vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.
- Web Application Scan
- OWASP
- Security Testing
- Reporting
Network Scan
Network Scan is the automated Network Vulnerability Scan service. This tool scans the infrastructure and the devices on it to identify security vulnerabilities and criticalities. The vulnerability analysis is necessary to quantify risk levels and to provide the corrective actions needed for the remediation activity.
- Network Scan
- Security Testing
- Compliance
- Reporting
Code Review
Code Review is the automated tool for the static analysis of the source code. Source code analysis is a process that verifies the presence and effectiveness of minimum security standards in applications by analyzing their source code. Code verification is useful to be sure that the target application has been developed in order to “auto-defend” itself in its own environment.
- Security Code Review
- Static Code Analysis
- Compliance
- Reporting
GDPR Assessment
GDPR Assessment is the online tool that allows companies to verify and measure their GDPR (General Data Protection Regulation – EU 2016/679) compliance level. Swascan’s GDPR assessment tool provides guidelines and suggests corrective actions to implement in terms of Organization, Policy, Staff, Technology and Control Systems.
- GDPR Self Assessment
- GDPR Gap Analysis
- Compliance
- Reporting
On Premise
Swascan On Premise is the Cyber Security Testing Platform which allows you to identify, analyze and solve all the vulnerabilities related to Corporate IT Assets in terms of websites, web applications, network and source code. It is an All-in-One platform that includes Web Application Vulnerability Assessment, Network Vulnerability Scan and Source Code Analysis services.
- On Premise
- Cyber Security Testing
- Ensures the Technologic Risk Assessment
- Compliance
Synopsys Seeker
UL 3DS Self Test Platform
Go beyond compliance testing with end-to-end, real-life 3-D Secure flow simulation and validation
EMV® 3-D Secure (3DS) certification is the first step in 3DS solution success. That’s why UL’s 3DS Self-Test Platform is more comprehensive than ever. The platform now provides testing and compliance services for 3-D Secure, plus real-life, end-to-end simulation and validation across numerous payment scenarios. This plug-and-play platform allows different components to be tested in a scalable and automated user interface/user experience (UI/UX) environment.
Improve development time and go-to-market speed
3DS Self-Test Platform is a configurable and versatile web-based platform that simulates the entire 3-D Secure ecosystem based on the EMV 3-D Secure protocol and core functions specification. It offers you the ability to debug, test, and verify compliance before submitting test results for formal approval. This can help speed up development and go-to-market time. The platform provides:
- Single-solution testing environment and formal approval services
- Comprehensive 3DS approval process support
- Enhanced debugging features and interface
- Guaranteed up-to-date EMV 3DS specifications
- EMVCo regulatory and specification compliance
- European Payments Service Directive 2 exemptions for Strong Consumer Authentication (SCA)
Simulate and verify from cart-to-checkout
UL Merchant Simulator within the Self-Test platform offers interoperability and user experience testing for 3DS components. It allows you to test in an end-to-end environment across the acquirer, interoperability and issuer domains. You can simulate a real web shopping experience allowing you to buy goods and validate the UX of a 3DS flow. You can also select various payment cards to trigger challenge and frictionless flows in different browser and app interfaces across multiple authentication methods.
UL Merchant Simulator helps promote a successful 3DS experience:
- Test across the three domains: acquirer, interoperability, and issuer
- Helps accelerate availability, enhance reliability, and improves performance
- Validate product interoperability between vendors, merchants, and banks
- Pretest payment brand protocol extensions
- Gain data visibility for the proper collecting and scoring of devices and users
- Test user interface experience for EMV 3DS events
Testing applications
Replace any simulated components with a certified product for interoperability testing.
3DS vendors, PSPs and merchants:
- Test SDKs, website and mobile apps against an EMV 3DS certified server
- Test server against EMV 3DS certified SDKs within browsers, iOS and Android clients
- Test against EMV 3DS certified merchant requester (server and SDKs for browser, iOS and Android) and an issuing bank’s ACS
3DS vendors and banks:
- Test against the DS and an EMV 3DS certified merchant requester (server and SDKs for browser, iOS and Android)
Empowering trustworthy commerce
With a focus on today’s realities and tomorrow’s needs, UL provides the trusted and critical expertise that is required in an interconnected and cashless world. The company's payment expertise enables businesses to implement innovations that guarantee regulatory compliance, maintain customer trust, and increase market access.
Veracode Dynamic Analysis
Veracode Static Analysis
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.