Application Inspector — PRODUCT BRIEF
Simplify Compliance and Control Security
HIGHLIGHTS
• Achieve a high-level of assurance
through our innovative use of SAST,
DAST and IAST
with automatically generated
vulnerability exploits
vulnerabilities and not code errors
• Standardize security across multiple
languages and platforms including
web, mobile and ERP
• Improve security by integrating with
• WAF and IPS
Today, most organizations rely on network and web-based applications
for everything from business process management to cloud-based file
sharing and storage services. Likewise, mobile applications are lurking
just around the corner, poised to change the enterprise landscape,
yet again. However, in a rush for higher profits, most companies have
overlooked the underlying danger that these types of applications
pose. According to Verizon’s 2013 Data Breach Report, almost one in
three cyber-crime and cyber-espionage attacks were initiated using
application vulnerabilities as attack vectors. Additionally, the scientists at
Positive Research recently found that 50% of online banking applications
can be exploited to gain unauthorized access to corporate networks and
data and to make fraudulent transactions.
More than a decade of research and practical knowledge from auditing over
1,000 unique applications has gone into Application Inspector — a single,
user-friendly solution which allows you to quickly find and fill security holes
within your applications.
Resolving vulnerabilities swiftly and efficiently is critical — you can’t afford to
spend time chasing false alarms. Application Inspector’s intelligent scanning
engine finds true vulnerabilities while ignoring source code programming
errors — drastically reducing the number of potential false positives.
In contrast to other source code analysis products, Application Inspector is able
to examine software that is written in multiple languages; for example an ASP.NET
web application with an HTML 5.0 and JavaScript frontend that uses SQL
databases.
By automating the entire process, Application Inspector eliminates the
difficulties with application security assurance — slashing your compliance
costs and putting you in control of your enterprise security posture.
Know Your Risks - Instantly
Not a security expert? Don’t worry. Our automation quickly shows you how
vulnerabilities in your code can be exploited — saving you from having to trace the
logic on your own. When Application Inspector detects a vulnerability, it automatically
generates an exploit vector such as an HTTP or JSON request; demonstrating the
weakness and how it could be used to attack your business.
Discovering vulnerabilities early in the development process will obviously help to
ensure a higher-level of security, so we’ve designed Application Inspector to integrate
Achieve a High-Level of Assurance
Most legacy source code analysis products use either Dynamic Application
Security Testing (DAST) - which assesses the security of applications while they
are running – or Static Application Security Testing (SAST) – which, by contrast,
looks at application source code. More recently, Interactive Application Security
Testing (IAST) has appeared, as some vendors attempt to combine DAST and
of DAST, SAST and IAST at appropriate stages of analysis – delivering the
abstract interpretation, Application Inspector provides code and API coverage
and faultsafe assessment similar to SAST tools. Its built-in multi-language tracing
engine provides IAST-type analysis for complex cases and the unique exploit
generator yields results that are easy to understand.
About Positive Technologies.
Positive Technologies is at the cutting edge of IT Security. We are one of the top ten worldwide vendors of Vulnerability Assessment systems
detecting and managing vulnerabilities in IT systems. Positive Technologies puts research at the heart of our operations, to ensure our products
Unify Security Under A Single Solution
Security is only as good as the weakest
link; that’s why Application Inspector
allows you to secure a broad range of
applications including:
•Network and Web Applications —
languages such as .NET, Java and PHP
•Mobile Applications — Android and
Windows Phone 8
•ERP Systems — languages such as ABAP/
Java/ PL/SQL for SAP and Oracle EBS
Additional Features
•Advanced pattern detection analysis
discovers recurring vulnerabilities/
backdoors with similar business logic
and syntax
•Detects well-disguised vulnerabilities
by monitoring for their symptoms
•Works with many technologies
including: Java (Java SE, Java for
Android, JavaEE, Java Frameworks),
.NET (MSIL), SQL (SQL 92, PL/SQL,
T-SQL), PHP, Web Technologies (HTML
5, JavaScript, VBScript, JSON/XML-RPC),
XML (Generic, XSLT, Xpath, Xquery) and
•Detects a wide variety of attacks and
vulnerabilities including: SQL injection,
Cross site scripting, Object injection,
HTTP response splitting, XPath
injection, LDAP injection, Expression
Language Injections
•Can be installed on a single machine or
network server. Also available as a SaaS
solution
•Integrates seamlessly with Positive
Technologies MaxPatrol and
Application Firewall products
Application Inspector in action
[Diagram components: Language Database, Vulnerabilities Database, Application Source Code, Static Analyser, Dynamic Slice, Dynamic Analyser, Exploit Generator, Reports, Positive Research, Vulnerabilities, Highlight Code, Exploits]
EMEA@ptsecurity.com / www.ptsecurity.com / www.maxpatrol.com
