View
Sorting
Products found: 16
Blade Tool Output Integration Framework
- CppCheck
- RATS
- Splint
- SpotBugs
- Jlint
Blade TOIF Integration
Integrates into Eclipse development environment:- Execute Blade TOIF (desktop deployment) from within Eclipse with progress bar
- Automatically see defect findings in Eclipse
- Use the “TOIF Analyze” easy button in the Eclipse toolbar and in the Blade TOIF main menu
- Run it on a sub-set of project files/ directories
- Filter the defect findings listed in the Blade TOIF Findings view, based on the selected project data in the Project Explorer in Eclipse
Blade TOIF Key Capabilities
- Integrates multiple vulnerability detection tools and their findings as “data feeds” into a common repository
- Addresses wider breadth and depth of vulnerability coverage
- Common processing of results
- Normalizes and collates “data feeds” based on discernable patterns described as Software Fault Patterns (SFPs) and CWEs
- Provides one prioritized report with weighted results across tools/vendors
- Uses an RDF repository and provides external Java API for additional analysis capabilities
- Integrates out-of-box with: CppCheck, RATS, Splint, SpotBugs and Jlint
- Defect Description view provides information related to the cluster, SFP, and CWE description of the selected defect instance in the Blade TOIF Findings view
- Defect findings, including citing information, can be exported to *.tsv file and subsequently imported to another Blade TOIF project
- Installation wizard, auto-detection and configuration of open source software (OSS) static code analysis (SCA) tools
- Supports load build integration to import results generated from the server/load build to the desktop
- Automated risk analysis
- Automated vulnerability detection and analysis
- Traceability
- Measurement and prioritization that make it easy to plan how to best leverage the risk management budget and resources for greatest impact
Curtail Security ReGrade
- Verifies quality of software upgrades and patches using real production traffic
- Prevents costly rollbacks and cumbersome staging
- Enables regression testing in development, QA, and production
- Spots differences in content, metadata, application behavior and performance
- Speeds debugging with packet capture and logging
CyBot
Save time & money
Increase security by focusing on remediating vulnerabilities that are a part of a validated attack path to a business process or critical assetKey features:
- Creates actionable insights based on critical vulnerabilities that threaten your business process for immediate alerts and remediation with one click
- Continuous silent vulnerability scanning on all IP based devices on premise or in the cloud
- Automatically detects critical assets and finds how hackers could reach and threaten them, no human involvement required.
- Cronus is certified for Penetration Testing by CREST
- Help comply with GDPR –require regular pen testing, vulnerability management and greatly reduces the risk of breach to your sensitive data.
Which CyBot is right for me?
CyBot is a next-generation vulnerability management tool as well as the world’s first Automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios ™ (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes. CyBot has one core engine: CyBot Pro, plus two additional management consoles. One for Enterprises and one for MSSPs. CyBot Pro is the workhorse of the product suite. It is a patented autonomous machine-based penetration test which initially scans the networks, its assets, its vulnerabilities and then takes the next step to map out and validate all the routes a hacker could take to reach your critical assets and business processes. Much like the process a human penetration tester would follow, but continuously and at a much larger scale and scope. CyBot Enterprise manages several CyBot Pros. This is great for larger organizations with global networks who wish to gain insights on global Attack Path Scenarios ™ between their branches, each using a different CyBot machine. CyBot Enterprise will aggregate information from all CyBot Pros for in-depth global insights on cyber threats to your business processes. CyBot MSSP provides large managed security service providers with full control of their Enterprise customers, each with their various CyBot Enterprise and CyBot Pro accounts. Schedule their scans, get alerts to your SIEM and much moreFaraday Platform
Plugins
You feed data to Faraday from your favorite tools through Plugins. Right now there are more than 70+ supported tools. There are three Plugin types: console plugins which intercept and interpret the output of the tools you execute, report plugins which allows you to import previously generated XMLs, and online plugins which access Faraday's API or allow Faraday to connect to external APIs and databases. Supporting output from +70 tools, Faraday Platform centralizes all your efforts and gives sense to your main objectives. Providing powerful Automation Technology, it helps you reduce your findings’ life cycle by prioritizing actions and decreasing the exposure time of your assets, promoting collaboration by allowing big and small groups of people to work together. Plus, get deep insight on all your projects with just a couple clicks.Key features
Custom Implementation. No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes. Flexible Integrations. Import output or results from 3rd party tools and synchronize your ticketing systems (JIRA, ServiceNow) and security enhancements (2FA, LDAP) Workflows. Implement custom events by triggering actions or vulns' content in real time Deduplicate Vulns. Faraday's Global Vuln KB allows you to customize descriptions and apply them accordingly. Agents. Define and execute your own actions from different sources and automatically import outputs into your repository. Scheduler. Automate repetitive Agents' actions and check results on your Dashboard. Graphics. Get a visual representation of all your findings with just one click. Faraday Client. Solution’s shell allows you to upload results while pentesting actively. Methodology and Tasks. Setup your own strategy, assign tasks to users for each phase and easily follow them up.Choose the plan that best: fits your needs
Community Faraday supports the InfoSec Community around the globe by offering a free open source version that improves on daily workflows- Feed data to Faraday from your favorite tools
- Divide projects by your own rules
- Customize your instance
- Easily identify and sort your database
Craft and export projects using your own templates
Plan ahead and keep track of your goals
- Prioritize actions, decreasing exposure time for your assets
- Adapt strategies to customize every phase of your projects
- Integrate everything!
Immunity CANVAS
Immunity's CANVAS makes available hundreds of exploits, an automated exploitation system, and a comprehensive, reliable exploit development framework to penetration testers and security professionals worldwide.
Single Installation License
- includes one year of our standard monthly updates and support
- unrestricted (no target IP address limitations)
- full source code
- Supported Platforms and Installations
- Windows (requires Python & PyGTK)
- Linux
- All other Python environments such as mobile phones and commercial Unixes (command line version only supported, GUI may also be available)
Architecture
- CANVAS' completely open design allows a team to adapt CANVAS to their environment and needs.
Documentation
- all documentation is delivered in the form of demonstration movies
- exploit modules have additional information
- currently over 800 exploits
Payload Options
- to provide maximum reliability, exploits always attempt to reuse socket
- if socket reuse is not suitable, connect-back is used
- subsequent MOSDEF session allows arbitrary code execution, and provides a listener shell for common actions (file management, screenshots, etc)
- bouncing and split-bouncing automatically available via MOSDEF
- adjustable covertness level
Exploit Delivery
- regular monthly updates made available via web
- exploit modules and CANVAS engine are updated simultaneously
- customers reminded of monthly updates via email
Exploit Creation Time
- exploits included in next release as soon as they are stable
Effectiveness of Exploits
- all exploits fully QA'd prior to release
- exploits demonstrated via flash movies
- exploit development team available via direct email for support
- Ability to make Custom Exploits
- unique MOSDEF development environment allows rapid exploit development
Product Support and Maintenance
- subscriptions include email and phone support M-F 9am - 5pm EST, directly with development team
- minimum monthly updates
Development
CANVAS is a platform that is designed to allow easy development of other security products. Examples include DSquare's D2 Exploitation Pack, Intevydis' VulnDisco, Gleg's Agora and SCADA.CANVAS Early Updates Program Immunity CANVAS is heavily QA'd and on a monthly release cycle, however a select number of Immunity's clients rely on up-to-the-minute vulnerability information as Immunity produces material. Immunity is often first to market with new exploits and proof of concept exploit code following "Microsoft Tuesdays". Until they are included in the next reliable monthly release of CANVAS Professional, these codes are available through the CANVAS Early Updates program. This code is often proof-of-concept early research, however its early availability allows our research team to share its results as soon as it is produced. CANVAS Early Updates customers include IDS vendors, vulnerability assessment vendors, and professional services organizations. End-users are provided with an increased level of confidence in our subscribers' products as they are able to verify protection or existence of a new vulnerability within hours of its announcement.
ImmuniWeb® Continuous
ImmuniWeb® MobileSuite
with zero false-positives SLA and expert remediation guidelines. Its award-winning
AI technology augments, intensifies and accelerates mobile penetration testing.
NetSPI Penetration Testing as a Service
Penetration Testing as a Service
Your organization is always-on and your security should be too. NetSPI Penetration Testing as a Service (PTaaS) makes expert penetration testing team available for you when you need it. Whether it’s scoping a new engagement, parsing real-time vulnerability reports, assisting you with remediation, or keeping you compliant year round, PTaaS has you covered.The Benefits of PTaaS
- Enhanced Reporting.Live, consumable testing results are delivered via Resolve, our vulnerability management platform, giving you a single-pane view of vulnerabilities and allows you to drill down into the data to see trend analysis year over year.
- Accelerated Remediation. Live, interactive reporting makes the path to remediation clear and easy. Integrate with your ticketing systems and remediation tools to streamline the remediation process.
- Reduced Administrative Time. Spend more time delivering value to the business, and less time managing projects. From scoping to remediation, PTaaS removes administrative hassles and makes sure your pen tests start and end on time.
- Scan Monster. Find vulnerabilities faster with NetSPI’s proprietary continuous scanning technology. Integrated with Resolve, vulnerabilities are automatically deduplicated and are verified by NetSPI’s pen testing team, bringing clarity to your results.
How it works?
Advisory Services
To fully recognize the value of your technical testing efforts and help ensure the greatest security posture for your organization, multiple Threat and Vulnerability Management (TVM) program elements need to work together harmoniously. NetSPI has developed a comprehensive framework that helps our clients thoughtfully consider the necessary elements of a TVM program.
Application Penetration Testing
NetSPI’s team of application security testing experts specialize in identifying and exploiting vulnerabilities in Web, Mobile, and Thick Applications. Whether your application is hosted internally, or in the cloud, NetSPI evaluates applications for security vulnerabilities and provides recommendations to your company with clear, actionable remediation instructions to improve your overall security posture.
Network Penetration Testing
Attack surfaces have significantly increased with the explosion of cloud and IoT. NetSPI’s penetration testing supports you in identifying unauthorized access to your protected systems. Through a combination of External, Internal, and Wireless Network penetration testing, NetSPI can test your entire infrastructure.
Cloud Penetration Testing
Cloud penetration testing services will identify security gaps in your cloud infrastructure and provide you with actionable guidance for remediating vulnerabilities and improving your organization’s cloud security posture.Adversarial Simulation
Companies continue to invest in security solutions, training, and managed service providers without fully testing their effectiveness. Let NetSPI help you assess those investments, and better understand where to spend time and money based on a true evaluation of your baseline detection and response capabilities. Adversarial simulation services can be customized to meet your needs and help you find the answers you’re looking for through Detective Control Reviews, Red Team Operations, & Social Engineering Engagements.
Continuous Penetration Testing
NetSPI’s Continuous Penetration Testing enhances your recurring deep-dive manual penetration tests with high-quality, low-cost touch points throughout the year. Scan Monster allows your networks and applications to be scanned at any rate you decide, with all asset and vulnerability information flowing directly into Resolve. All critical vulnerabilities are immediately escalated to NetSPI’s penetration testing team and verified within 48 hours.Ordr Systems Control Engine
- Discovers every device in your environment
- Tracks risk scores to focus attention on high risk devices
- Maintains a real-time database and tracks changes
- Integrates with management and workflow tools
- Analyzes all device communications 24×7
- Learns correct behaviors and creates conversation maps
- Group systems by type, location, function, application
- Anomaly detection prevents and isolates attempted attacks
- Micro-segmentation per NIST
- Access control policy generation
- Full integration with existing NAC solutions
- Program firewalls, wired/wireless access network
- Compare usage across facilities to for better distribution
- Identify offline devices and bring them back into service
- Understand the usage patterns and adjust schedules
- Make better-informed purchasing decisions
Parasoft SOAtest
END-TO-END TESTING
From a single intuitive interface, Parasoft SOAtest automates end-to-end test scenarios across multiple layers and a variety of endpoints (i.e. mobile, REST APIs, SOAP services, databases, Web UIs, ESBs, or mainframes). SOAtest reduces the time it takes to create and execute data-driven test scenarios by providing a visual test-creation mechanism to handle common testing challenges like complex assertions, looping, data extraction, or data generation. Its Smart API Test Generator creates complete API test scenarios for you using artificial intelligence. Use SOAtest to reduce test maintainability problems by proactively adjusting your tests as APIs change, and integrate SOAtest into your Continuous Delivery pipeline to ensure that your applications have an acceptable level of risk.LOAD AND PERFORMANCE TESTING
Parasoft LoadTest takes the tests from SOAtest and runs them under load to validate your application’s performance under stress. It verifies that your services meet specific quality-of-service metrics and shows you where performance bottlenecks exist. Load and performance testing can be fully automated and run continuously, enabling constant validation and providing immediate feedback on the impact of change against SLAs.SECURITY/PENETRATION TESTING
Parasoft SOAtest helps teams prevent security vulnerabilities through API penetration testing and execution of complex authentication, encryption, and access control test scenarios. By leveraging already-existing functional tests for security scenarios, teams can approach security testing earlier, and address critical security defects before they are buried deep in the release.CAPABILITIES
- API Testing. Best-in-class API testing with intuitive, easy-to-use tooling and the broadest support for message formats and protocols
- Load and Performance Testing. Leverage automated functional tests to easily manage load and performance testing.
- Microservices Testing. Create automated functional and performance tests for your microservices
- Web UI Testing. Easily manage web UI tests - no scripting is required.
- Mobile Testing. Integrate mobile testing into your continuous testing strategy
- Security Testing. Make automated penetration testing part of your automated CI process
- Test Data Management. Parasoft's modern approach to test data management leverages a self-service interface with visual diagramming to load test data into your API tests
- Test Orchestration & Reuse. A web interface for test orchestration enables the whole team to create, access, and execute tests directly from their browser
- Reporting & Analytics. Aggregate test results from all of your functional testing disciplines in an easy-to-understand, centralized dashboard
PatrowlSecOps
PatrowlManager is the Front-end application for managing the assets, reviewing risks on real-time, orchestrating the operations (scans, searches, API calls, ...), aggregating the results, relaying alerts on third parties (ex: Incident Response platform like TheHive, Splunk, ...) and providing the reports and dashboards. Operations are performed by the PatrowlEngines instances. Don't forget to install and deploy them ;)
Peach API Security
Be A Hero. Every Day.
Peach API Security acts as a man-in-the-middle proxy, capturing data sent from your traffic generator and the test target. Once captured, this data is fuzz tested using company’s advanced automated web API security tool. Peach API Security makes testing a breeze. It provides meaningful data so your development team can prioritize vulnerability fixes.How It Works
Peach API Security performs a series of security checks against your web APIs based on requirements laid out in the OWASP Top-10. By leveraging the automated testing that your development team already performs (i.e. unit tests), Peach intelligently executes a series of fuzz and passive security tests. Once configured, interactions will primarily occur through your existing build-system interfaces. Coverage of REST, SOAP, and JSON RPC web APIs are all supported. Peach API Security intelligently executes a series of fuzz tests and passive security tests on your web APIs. Comprehensive test results empower your team to mitigate security vulnerabilities. Each uncovered vulnerability includes actionable data. Leverage the power of Peach for your DevOps team. Finding vulnerabilities earlier in the product development lifecycle saves you time, money, and reputation.CI Integration
Peach was designed to seamlessly integrate into your existing CI systems. Implemented as a step in the build pipeline, Peach blocks deployment of builds that are not secure. The results of Peach’s security tests are returned to the CI system, ensuring developers don’t have to exit their current build tools.Testing Profiles
Configurable testing profiles allow you to balance the depth of testing with the time available to test.Common profiles include:
- Quick – Quick testing without fuzz testing, ideal for immediate results
- Nightly – Quick testing with fuzz testing, ideal for nightly builds and quick results
- Weekly – Complete testing, ideal for major product releases and complete test results
GENERATING TEST CASES
Peach API Security acts as a man-in-the-middle proxy, capturing traffic created by your existing automated testing. Once captured, this data is fuzzed by Peach and sent to the test target. Integrations with popular automated testing frameworks make capturing traffic easy. In addition, custom traffic generators using REST API, Java, .NET, and Python are all supported. SECURITY TESTING AND COMPLIANCE Peach API Security is a comprehensive testing tool that tests against the OWASP Top-10 and PCI Section 6.5. REPORTINGComprehensive test results empower development teams to mitigate security weaknesses. Vulnerability data is automatically returned to your CI system. Faults are treated similarly to automation failures, blocking the release of a non-secure build. This enables developers to focus on fixing code, rather than making security decisions. Each vulnerability includes actionable data including:
- Fault Message Data – Used to efficiently find and mitigate vulnerabilities
- OWASP Mapping – Identifies which OWASP Top-10 requirement failed
- Exploitability Difficulty and Impact – Helping your team prioritize vulnerability fixed
Rapid7 Metasploit
Scythe Platform
Shevirah Dagah Software
- Given only a phone number, Shevirah can phish mobile users via SMS, QR Codes, NFC or send client-side attacks to simulate how hackers would exploit users
- Given the installation of a simulated malicious application, Shevirah measures the potential impact of malicious applications on users’ devices and corporate management settings
- Simulated phishing attacks can gather basic information, user credentials, or attempt to side-load a simulated malicious application
- Works against Android and iOS smartphones and devices
- Available now in Community and Professional versions. Enterprise version coming soon.
SoSafe Awareness Platform
The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.