We present Bugscout

Published in: Technology

  1. For further information please contact: sales@buguroo.com
  2. Current Issues
     • Threats: ‘Creating an extension that enables unauthorized access to Facebook and Twitter accounts’ (Source: www.elmundo.es)
     • Fines: ‘Record fine of €2.8M to the British subsidiary of the insurer Zurich for having lost data from tens of thousands of customers’ (Source: AFP)
     • Vulnerability: ‘How was the Stuxnet attack directed against Iran’s nuclear facilities’ (Source: www.elpais.com)
  3. Risks of unsafe programming
     • Threats: ‘95% of attempted attacks are against the application’
     • Fines: ‘The result of an attack or data loss involves serious legal consequences to the company’
     • Vulnerability: ‘Over 90% of Internet vulnerabilities are in the code’
  4. Statistics: Vulnerabilities in Internet applications (1 of 2)
     [Chart: % vulnerabilities located for each type of test. Categories: % Sites (All), % Sites (Scans), % Sites (Blackbox), % Sites (WhiteBox). Severity series: Urgent, Critical, High, Medium, Low.]
     Source: WASC (Web Application Security Consortium)
  5. Statistics: Vulnerabilities in Internet applications (2 of 2)
     [Chart: % most common vulnerabilities. Labels: XSS, Information Leakage, SQLi, Insufficient Transport Layer Protection, Fingerprinting.]
     [Chart: % sectors affected by attacks. Labels: Finance, Education, Social/Web, Media, Retail, Technology, Internet, Government, Entertainment.]
     Source: WASC (Web Application Security Consortium)
  6. Limitations on current solutions
     Manual audit limitations:
     • Costs. Despite being one of the most effective solutions, the magnitude of the source code in this type of audit is so vast that they are often scrapped on cost grounds
     • Timeouts. The delivery of reports in a manual code audit requires such long wait times that decisions are often made before the results are delivered
     Black box audit limitations:
     • Do not audit the whole application
     • Are less accurate
     • May incur service degradation
     Common limitations to both audits:
     • Depend on development completion
     • Do not address future vulnerabilities. Every day new security holes are found
     • Do not include software updates, causing the rapid obsolescence of the audited work
  7. Our Solution:
     • buguroo has designed and implemented bugScout, the most powerful managed service on the market for the analysis of vulnerabilities in source code:
        bugScout automatically detects over 94% of vulnerabilities in the code. It is the most powerful solution on the market: its competition only detects 60% of existing vulnerabilities
        Operates in a decentralized manner in the cloud, allowing unlimited scalability
        bugScout enables its partners, through its solution’s appliances, to build and manage their own clouds
        bugScout is designed to audit multiple codes simultaneously without performance penalty
  8. Advantages (1 of 2)
      bugScout reduces the cost of manual audit by more than 90%
      bugScout is integrated into the software development cycle, speeding up business processes
      bugScout reduces the waiting time for results by more than 99%
  9. Advantages (2 of 2)
     • bugScout allows correction of errors in real time, encouraging learning within the development team
     • bugScout enables auditing of the entire application in full
     • bugScout audits are more accurate; its technology can effectively track the whole code
     • Avoids uncontrolled errors: Denial of Service attacks, unintended spam…
     • bugScout updates signatures of public and private vulnerabilities in real time, owing to the recurrent nature of its technology
     • bugScout easily integrates with the software development cycle
     • bugScout connects directly to the development repository and can audit the software from minute one, without interrupting the production process
  10. Technology and features
     • bugScout consists of a Web console that offers multiple functionalities to easily operate on the code, avoiding any heavy agents or prior installation of software on the client
     • Also includes:
        A detection system for public and private vulnerabilities, updated daily
        A multi-audit platform, capable of analyzing code simultaneously without interfering with performance
        A multi-user access platform with permissions granularity
  11. The environment - Portal access
  12. The environment - Modular, extensible and scalable
     [Architecture diagram: Framework 1 … Framework N (each with Tasks, Licenses, Query) connected through the distributed communications bus (BackEnd) to Core 1 … N. Core engine: Scheduler, Tasks, Licenses, Result, Decompression, Decoded, Engine (Motor) 1 … N, each with Fam. 1 … N, P1 … PN, Cond. 1 … N.]
  13. The environment - Modular, extensible and scalable
     1. Framework. Interface to access up to 6 modules
     2. Core. Source code analyzer
     3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and solutions
  14. Framework - Modules (1 of 5)
     1. Dashboard
     • User-configurable start menu where you can review, at a glance, the security of the company’s applications
     • The work area is editable: graphics can be added, modified and/or deleted, and rearranged or resized using Drag & Drop
     • The graphics are also interactive, so moving the pointer over them shows the values they represent
     • To make this possible, the design relies on the latest web 2.0 techniques, without sacrificing security and performance
  15. Framework - Modules: Dashboard (2 of 5)
  16. Framework - Modules (3 of 5)
     2. Projects
     • From this module, projects and applications can be classified for later analysis
     • Also from this section, you can request manual audits, re-audit code to check on progress, and ask for an auditor to perform a penetration test or a report to check vulnerabilities
     3. Document management
     • A simple Document Management System that lets you consult reports generated automatically or manually, as well as help documentation on the tool, generate asymmetric encryption keys, and perform secure uploads of source code to audit
  17. Framework - Modules (4 of 5)
     4. Vulnerabilities
     • Module for working with the results of audits, where you can verify the proposed solutions, references, explanations of the vulnerabilities, etc.
     5. Reports
     • Module for generating technical and executive reports at different levels
     6. Administration
     • Module for managing users, groups and roles
     • Oriented to creating menus and the hierarchical structure of companies (customers, suppliers)
     • You can configure the look & feel of the interface according to the standards and corporate logos of each company, and generate reports tailored to each company
  18. Framework - Modules: Projects (5 of 5)
  19. The environment - Modular, extensible and scalable
     1. Framework. User interface to access up to 6 modules
     2. Core. Source code analyzer
     3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and Solutions
  20. Core (1 of 4)
     2. Core
     • bugScout Core consists of a vulnerability pattern recognition system applied to the analyzed software. The entire process provides a code reliability analysis that detects patterns that would allow an attacker to access unauthorized data
     • Main functionalities:
        1. Detection of language processing
        2. Lexical analysis
        3. Parsing
        4. Generation of modeling software application architecture
        5. Data flow analysis
        6. Vulnerable pattern detection
        7. Discrimination of false positives
        8. Communication of potential vulnerabilities found
  21. Core (2 of 4) – Main features
     [Diagram: Detection of language processing → Lexical analysis → Parsing → Generation of modeling software application architecture → Data flow analysis → Vulnerable pattern detection → Discrimination of false positives → Communication of potential vulnerabilities found]
  22. Core – Main features (3 of 4)
     2. Core
        1. Detection of language processing: using different filters and patterns, bugScout Core determines which language each file contains and proceeds to generate the basic structure to continue the process
        2. Lexical analysis: the essential process to begin the analysis of a language; to do so, bugScout Core integrates directly with the lexical analyzer for each language
        3. Parsing: bugScout Core uses each language’s own parser, since it is the most accurate way to profile the sources, although certain amendments are sometimes required in order to build the application software architecture
        4. Generation of modeling software application architecture: the in-memory representation of the code to analyze, but with a greater degree of computation, allowing operations that require high computational effort to be performed on the tree in minimum time
  23. Core – Main features (4 of 4)
     2. Core
        5. Data flow analysis: the comprehension of the source code itself, which will be analyzed to determine whether the code contains vulnerability patterns
        6. Vulnerable pattern detection: to search for vulnerabilities, bugScout Core relies on a complex plug-in architecture that will facilitate future updates of signatures based on new vulnerable patterns. Through these plug-ins, based on regular expressions formed expressly for each specific language, it can be determined with a high degree of probability whether there is a vulnerability in the code
        7. Discrimination of false positives: performs the necessary backtracking and discarding, depending on the conditions of the pattern found in the particular code, confirming whether or not the pattern poses a real risk
        8. Communication of potential vulnerabilities found: in this process bugScout Core visually communicates the existence of security flaws in the code, for display
  24. The environment - Modular, extensible and scalable
     1. Framework. User interface to access up to 6 modules
     2. Core. Source code analyzer
     3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and solutions
  25. BackEnd (1 of 4)
     3. BackEnd
     • bugScout BackEnd stores in the Cloud the data the tool works with. Our BackEnd model incorporates the latest technologies, which allow maximum efficiency and compatibility of stored data, and a secure environment, the essential feature of a maximum-security environment
     • Advantages
        Improved development time
        Improved effectiveness
        Scalability
        Flexibility
        Availability
        Management
        Security
  26. BackEnd (2 of 4)
     [Diagram: Controller Unit, Data Connector, database (BBDD) Controller and BBDD 1…N, linked by data flow and control flow.]
  27. BackEnd (3 of 4)
     3. BackEnd
     • bugScout BackEnd architecture provides a flexible and conceptually simple design, which allows a fast and flexible environment to be developed
     • Integration of Cloud Storage technology gives our systems and networks the capacity to grow and scale with minimal manual handling
     • Safety is an integral part of cloud computing. The architecture is designed as a group of systems that work directly on highly sensitive information and protect that information accordingly. bugScout BackEnd goes a step further by integrating Cloud Storage with three key additional services:
        Resizing
        Disaster Recovery
        Data security and communications
  28. BackEnd (4 of 4)
     3. BackEnd
     • bugScout BackEnd presents a secure, flexible and scalable management system:
        The FileNetSystem paradigm implies that each of the Cloud Storage Systems can be managed independently from a single console
        A Management System enabling self-configuration in expansion modules. The driver modules themselves are capable of detecting a new infrastructure and adapting the present configuration, giving the administrator the options available and facilitating the scaling of the system
     • bugScout BackEnd provides the following benefits:
        Compliance with laws and regulations
        Hardware failover
        Long-term feasibility of IT resources
        Secured assets in physical environments
        Data isolation
  29. Why is bugScout the best solution?
     • bugScout has been designed by one of the best and most qualified teams, with projects worldwide
     • Does not require extensive knowledge of security
     • bugScout gets the best detection and false positive rates on the market
     • This is the first tool that handles each language independently, rejecting pseudo-code conversion, thus extending the detection rate and being able to locate errors and deprecated library functions, vulnerabilities, sensitive information in comments, etc.
     • bugScout automatically corrects the vulnerable parts of the code, proposing effective solutions to build secure applications
     • Lets you easily manage vulnerabilities, reporting and stored documentation, and see statistics, historical control…
  30. www.buguroo.com
     For further information please contact: sales@buguroo.com
     Tel.: (34) 917 816 160
     Plaza Marqués de Salamanca, 3-4, 28006 Madrid
