SWAT PRODUCT BROCHURE

Similar documents
Using an Open Source Threat Model for Prioritized Defense

Keeping your data yours

2015 Vulnerability Statistics Report

CORE Security and the Payment Card Industry Data Security Standard (PCI DSS)

Overview of the Penetration Test Implementation and Service. Peter Kanters

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

Where every interaction matters.

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Managed Service Solutions Catalogue. MANAGED SERVICES SOLUTIONS CATALOGUE MS Offering Overview June 2014

Vulnerability Management

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Pentests more than just using the proper tools

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Pentests more than just using the proper tools

Magento Security and Vulnerabilities. Roman Stepanov

MANAGED SECURITY TESTING

Security and Vulnerability Testing How critical it is?

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

Adobe Systems Incorporated

Redhawk Network Security, LLC Layton Ave., Suite One, Bend, OR

NETWORK AND CERTIFICATE SYSTEM SECURITY REQUIREMENTS

Integrated Threat & Security Management.

WHITE PAPER AUTOMATED, REAL-TIME RISK ANALYSIS AND REMEDIATION

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

The Cyber Threat Profiler

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Website Security. End-to-End Application Security from the Cloud. Cloud-Based, Big Data Security Approach. Datasheet: What You Get. Why Incapsula?

Online Vulnerability Scanner Quick Start Guide

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

ADDING NETWORK INTELLIGENCE TO VULNERABILITY MANAGEMENT

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Enterprise-Grade Security from the Cloud

ensuring security the way how we do it

SAST, DAST and Vulnerability Assessments, = 4

Imperva Cloud WAF. How to Protect Your Website from Hackers. Hackers. *Bots. Legitimate. Your Websites. Scrapers. Comment Spammers

Interactive Application Security Testing (IAST)

How To Manage Security On A Networked Computer System

Analysis of the Global Vulnerability Management Market Platform Convergence Intensifies Competition but Creates Opportunity in Growth Technology

Scanless Vulnerability Assessment. A Next-Generation Approach to Vulnerability Management

EVALUATION SECURITY OF THE U.S. DEPARTMENT OF THE INTERIOR S PUBLICLY ACCESSIBLE INFORMATION TECHNOLOGY SYSTEMS

Reducing Application Vulnerabilities by Security Engineering

Payment Card Industry (PCI) Penetration Testing Standard

Guide to Vulnerability Management for Small Companies

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Web Application Penetration Testing

Table of Contents. Page 2/13

WHITE PAPER ON SECURITY TESTING IN TELECOM NETWORK

White Paper. Guide to PCI Application Security Compliance for Merchants and Service Providers

How To Manage A Network Security Risk

Patch and Vulnerability Management Program

White Paper The Dynamic Nature of Virtualization Security

How to achieve PCI DSS Compliance with Checkmarx Source Code Analysis

Excellence Doesn t Need a Certificate. Be an. Believe in You AMIGOSEC Consulting Private Limited

FIREWALLS & NETWORK SECURITY with Intrusion Detection and VPNs, 2 nd ed. Chapter 4 Finding Network Vulnerabilities

G-Cloud Service Definition. Atos infrastructure Vulnerability Scanning (Outpost24) SaaS

DFW INTERNATIONAL AIRPORT STANDARD OPERATING PROCEDURE (SOP)

Cautela Labs Cloud Agile. Secured. Threat Management Security Solutions at Work

TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS

Development Processes (Lecture outline)

Attack Vector Detail Report Atlassian

Sample Vulnerability Management Policy

PENETRATION TESTING GUIDE. 1

Analyzing Security for Retailers An analysis of what retailers can do to improve their network security

Mean Time to Fix (MTTF) IT Risk s Dirty Little Secret Joe Krull, CPP, CISSP, IAM, CISA, A.Inst.ISP, CRISC, CIPP

case study Core Security Technologies Summary Introductory Overview ORGANIZATION: PROJECT NAME:

DETECT AND RESPOND TO THREATS FROM THE DATA CENTER TO THE CLOUD

IBM Security QRadar Vulnerability Manager

1 Introduction Product Description Strengths and Challenges Copyright... 5

CORE Security and GLBA

Integrating Security Testing into Quality Control

05.0 Application Development

Security. Security consulting and Integration: Definition and Deliverables. Introduction

CTERA End-to-End Security. Whitepaper by CTERA Networks

8 Steps for Network Security Protection

End-to-End Application Security from the Cloud

SERENA SOFTWARE Serena Service Manager Security

8 Steps For Network Security Protection

Network Security and Vulnerability Assessment Solutions

WEB APPLICATION VULNERABILITY STATISTICS (2013)

DEFENSE THROUGHOUT THE VULNERABILITY LIFE CYCLE WITH ALERT LOGIC THREAT AND LOG MANAGER

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

PCI DSS 3.0 Compliance

Impact of Cybersecurity Innovations in Key Sectors (Technical Insights)

Secrets of Vulnerability Scanning: Nessus, Nmap and More. Ron Bowes - Researcher, Tenable Network Security

Extreme Networks Security Analytics G2 Vulnerability Manager

Closing Wireless Loopholes for PCI Compliance and Security

Penta Security 3rd Generation Web Application Firewall No Signature Required.

Transcription:

SWAT PRODUCT BROCHURE

WEB APPLICATION SECURITY Web application security has been a huge challenge for companies during the last couple of years since there are very few competent solutions available in the market. The first option is to acquire a basic web application scanner with very limited capacity; this option should be indisputably avoided, especially by companies with high brand-value associated to online presence. A second option is to purchase a complex web scanner that requires experienced security experts to run efficiently on a daily basis. This option can significantly increase a company s yearly operation costs since skilled technicians are expensive to maintain as full-time employees, and will also require considerable training. The third option is to hire a security company to perform elaborate penetration tests on the different company websites identifying all immediate threats. Although this option is extremely accurate, unfortunately, it is considered a short-term remedy since new attack methods are developed every day, as well as web applications change frequently. THE ULTIMATE SCANNING SOLUTION FOR WEB APPLICATIONS The Secure Web Application Tactics (SWAT) is a combined solution between state-of-the-art scanning tools and security experts which provides the most accurate and reliable web application scanning solution available on the market. The intelligent technology used in SWAT enables it to alter its behaviour as it is not only able to identify already exisiting threats but also to learn about new ones. SWAT delivers results with zero false-positives, does not require special training, and it includes expert technical support available 24/7. Additionally, since SWAT provides continuous monitoring, it ensures customers websites remain protected even when web applications change or new attack methods are introduced.

SOLUTION BENEFITS Challenge: Web applications change frequently, introducing new functions and content Solution: Continuous monitoring SWAT is an intelligent solution with the capability to identify and react to new threats by altering its behavior patterns accordingly. SWAT continuously monitors web applications detecting any changes such as new pages or content. While scanning, it uses a very low intensity and load over an extended period, ensuring maximum coverage while producing less impact. Challenge: Security scanners often corrupt web applications and interfere with daily operations Solution: Production-safe scanning Web applications have a wide range of functionalities that can be affected while running a scan and technical inputs may also cause disruptions, for example; certain database commands can cause unwanted actions to be performed. SWAT follows the strictest regulations to ensure safe scanning practices by avoiding any disturbance in the availability or integrity of information. Challenge: Inaccurate detections causing incorrect findings and missed vulnerabilities Solution: Analysis, verification, testing and false-positive elimination SWAT delivers reports with information previously verified by security experts. These reports eliminate the problem of false-positives and enable customers to mitigate their risks quickly. Challenge: Technical vulnerabilities are frequently hard to understand, and expert support may be required for further clarification Solution: Expert technical support 24/7 Outpost24 offers expert technical support available 24/7. Customers can post questions regarding newly identified vulnerabilities directly in the interface and receive responses from the security experts that can be tracked to the vulnerabilities. Challenge: Web application scanners are not able to test the logic of an application Solution: A combination of state-of-the-art scanning tools and leading security experts Testing for problems regarding confidentiality, access restrictions, or vertical escalation attacks is very subjective and hard for a traditional tool to achieve; it depends completely on the human perception of the applications intended behavior. SWAT addresses this through its advanced learning features and the accurate on-boarding process and verification services, combined with the support ofexperienced security experts, reaching full coverage also for this threat class.

TECHNICAL COMPARISON The Open Web Application Security Project Top 10 (OWASP TOP 10) includes the most commonly found and reported vulnerabilities in web applications. It groups vulnerability findings into families; therefore, traditional web scanner offerings address only subsets of the different threat families often scoring 75% of false-negatives. OWASP top 10 2013 Automated tools Penetration Testing SWAT A1-Injection A2-Broken Authentication and Session Management Poorly supported A3-Cross-Site Scripting (XSS) A4-Insecure Direct Object References Poorly supported A5-Security Misconfiguration A6-Sensitive Data Exposure Only default types A7-Missing Function Level Access Control Poorly supported A8-Cross-Site Request Forgery (CSRF) Low accuracy A9-Using Components with Known Vulnerabilities Low accuracy and coverage A10-Unvalidated Redirects and Forwards

FINDINGS VIEW APPLICATION VIEW The Monitoring and coverage table listed below displays a security review performed against an application, its ability to detect change to that application over time, and its ability to understand and work with a dynamic application. Even though penetration tests are very thorough and include maximum coverage, they are very limited in their ability to maintain high-security levels over time. Monitoring and coverage Automated tools Penetration Testing SWAT Zero Touch Configuration Maximum links Often 2000-8000 Dictated by time Unlimited Continuous detection If implemented in the process Test new deployed content Detect changed credentials Poorly Rogue website detection Rarely Rarely Time available for a test Often 12-24 hours Often a week Continuous Smart form testing

Production Safety relates to the risks involved when a scanner or a test affects the test object. Often, penetration tests are not production safe unless specified upon specific request when this is considered a key priority for the client. Production safety is key for critical applications where data integrity is of great importance, and poorly executed test-cases affect the end-users application experience. Production safety Automated tools Penetration Testing SWAT Production safe testing Medium Low traffic and database intensity Submit forms only when safe Prevents dangerous link use

VULNERABILITY DISCUSSION VIEW Verification and guidance chart relates to the degree of expertise an organization requires to be able to use and benefit from a solution over time. Web application security is a niche competence, and it is often expensive to maintain within an organization. Verification and guidance Automated tools Penetration Testing SWAT False positives removed Proof of exploitability provided Poorly Vulnerability rating put in context Context-aware CVSS scoring Sometimes Unlimited re-testing and verifications Retests rarely possible Ask experts for advice on remediation On delivery only Smart vulnerability grouping

ABOUT OUTPOST24 Founded in 2001; Outpost24 is a vulnerability management company providing best-in-class solutions to help users identify and mitigate weaknesses in their network. Outpost24 offers real-time vulnerability alerts and solution-based reports that facilitate the instant recognition of imminent threats. With more than 40 locations worldwide, Outpost24 collectively scans over 400 million IP addresses weekly and detects more than 12 thousand vulnerabilities on a daily basis. More than 2000 companies around the world trust Outpost24 to protect their internal and external networks; from government entities, to financial institutions; and from global retailers to telecommunication providers. For more information visit www.outpost24.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information