Positive Technologies Application Inspector


Published on

1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Positive Technologies Application Inspector

  1. 1. Application Inspector — PRODUCT BRIEF Simplify Compliance and Control Security HIGHLIGHTS • Achieve a high-level of assurance through our innovative use of SAST, DAST and IAST with automatically generated vulnerability exploits vulnerabilities and not code errors • Standardize security across multiple languages and platforms including web, mobile and ERP • Improve security by integrating with • WAF and IPS Today, most organizations rely on network and web-based applications for everything from business process management to cloud-based file sharing and storage services. Likewise, mobile applications are lurking just around the corner, poised to change the enterprise landscape, yet again. However, in a rush for higher profits, most companies have overlooked the underlying danger that these types of applications pose. According to Verizon’s 2013 Data Breach Report, almost one in three cyber-crime and cyber-espionage attacks were initiated using application vulnerabilities as attack vectors. Additionally, the scientists at Positive Research recently found that 50% of online banking applications can be exploited to gain unauthorized access to corporate networks and data and to make fraudulent transactions. More than a decade of research and practical knowledge from auditing over 1,000 unique applications has gone into Application Inspector — a single, user-friendly solution which allows you to quickly find and fill security holes within your applications. Resolving vulnerabilities swiftly and efficiently is critical — you can’t afford to spend time chasing false alarms. Application Inspector’s intelligent scanning engine finds true vulnerabilities while ignoring sourse code programming errors — drastically reducing the number of potential false positives. In contrast to other source code analysis products, Application Inspector is able to examine software that is written in multiple languages; for example an ASP. NET web application with an HTML 5.0 and JavaScript frontend that uses SQL databases. By automating the entire process, Application Inspector eliminates the difficulties with application security assurance — slashing your compliance costs and putting you in control of your enterprise security posture. Know Your Risks - Instantly Notasecurityexpert? Don’tworry.Ourautomationquicklyshowsyouhow vulnerabilitiesinyourcodecanbeexploited—savingyoufromhavingtotracethe logiconyourown.WhenApplicationInspectordetectsavulnerability,itautomatically generatesanexploitvectorsuchasanHTTPorJSONrequest; demonstratingthe weaknessandhowitcouldbeusedtoattackyourbusiness. Discoveringvulnerabilitiesearlyinthedevelopmentprocesswillobviouslyhelpto ensureahigher-levelofsecurity,sowe’vedesignedApplicationInspectortointegrate
  2. 2. Application Inspector — PRODUCT BRIEF Achieve a High-Level of Assurance Most legacy source code analysis products use either Dynamic Application Security Testing (DAST) - which assesses the security of applications while they are running – or Static Application Security Testing (SAST) – which, by contrast, looks at application source code. More recently, Interactive Application Security Testing (IAST) has appeared, as some vendors attempt to combine DAST and of DAST, SAST and IAST at appropriate stages of analysis – delivering the abstract interpretation, Application Inspector provides code and API coverage and faultsafe assessment similar to SAST tools. Its built-in multi-language tracing engine provides IAST-type analysis for complex cases and the unique exploit generator yields results that are easy to understand. About Positive Technologies. Positive Technologies is at the cutting edge of IT Security. We are one of the top ten worldwide vendors of Vulnerability Assessment systems detecting and managing vulnerabilities in IT systems. Positive Technologies puts research at the heart of our operations, to ensure our products Unify Security Under A Single Solution Security is only as good as the weakest link; that’s why Application Inspector allows you to secure a broad range of applications including: •Network and Web Applications — languages such as .NET, Java and PHP •Mobile Applications — Android and Windows Phone 8 •ERP Systems —l anguages such as ABAP/ Java/ PL/SQL for SAP and Oracle EBS Additional Features •Advanced pattern detection analysis discovers recurring vulnerabilities/ backdoors with similar business logic and syntax •Detects well-disguised vulnerabilities by monitoring for their symptoms •Works with many technologies including: Java (Java SE, Java for Android, JavaEE, Java Frameworks), .NET (MSIL), SQL (SQL 92, PL/SQL, T-SQL), PHP, Web Technologies (HTML 5, JavaScript, VBScript, JSON/XML-RPC), XML (Generic, XSLT, Xpath, Xquery) and •Detects a wide variety of attacks and vulnerabilities including: SQL injection, Cross site scripting, Object injection, HTTP response splitting, XPath injection, LDAP injection, Expression Language Injections •Can be installed on a single machine or network server. Also available as a SaaS solution •Integrates seamlessly with Positive Technologies MaxPatrol and Application Firewall products Application Inspector in action L Vul A = anguage Database nerabilities Database pplication Source Code Static Analyser Dynamic Slice Dynamic Analyser Exploit Generator Reports Positive Research Vulnerabilities Vulnerabilities Highlight Code www. Exploits EMEA@ptsecurity.com / www.ptsecurity.com / www.maxpatrol.com