For further information please contact:
sales@buguroo.com
Current Issues

Threats: 'Creating an extension that enables unauthorized access to Facebook and Twitter accounts' (Source: www.elmundo.es)

Fines: 'Record fine of €2.8M for the British subsidiary of the insurer Zurich for having lost data on tens of thousands of customers' (Source: AFP)

Vulnerability: 'How the Stuxnet attack was directed against Iran's nuclear facilities' (Source: www.elpais.com)
Risks of unsafe programming

Threats: '95% of attack attempts are directed against the application'

Vulnerability: 'Over 90% of Internet vulnerabilities are in the code'

Fines: 'The result of an attack or data loss involves serious legal consequences for the company'
Statistics: Vulnerabilities in Internet applications (1 of 2)

(Bar chart: % of vulnerabilities located per type of test, with columns % Sites (All), % Sites (Scans), % Sites (Blackbox) and % Sites (WhiteBox), each broken down by severity: Urgent, Critical, High, Medium, Low. The bar values are not recoverable from the extracted text.)
Source: WASC (Web Application Security Consortium)
Statistics: Vulnerabilities in Internet applications (2 of 2)

(Pie chart: % most common vulnerabilities, with slices XSS, Information Leakage, SQLi, Insufficient Transport Layer Protection and Fingerprinting. Pie chart: % sectors affected by attacks, with slices Finance, Education, Social/Web Media, Retail, Technology, Internet, Government and Entertainment. The percentage labels cannot be reliably matched to slices in the extracted text.)
Source: WASC (Web Application Security Consortium)
Limitations of current solutions

Manual audit limitations
•   Cost. Despite being one of the most effective solutions, the volume of source code involved is so large that manual audits are often scrapped on cost grounds
•   Turnaround. Delivering the report of a manual code audit takes so long that decisions are often made before the results arrive
•   Depend on development being complete

Black box audit limitations
•   Do not audit the whole application
•   Are less accurate
•   May cause service degradation

Common limitations of both audits
•   They do not address future vulnerabilities; new security holes are found every day
•   They do not cover software updates, so the audited work quickly becomes obsolete
Our Solution:

•   buguroo has designed and implemented bugScout, the most powerful managed service on the market for the analysis of vulnerabilities in source code:

      bugScout automatically detects over 94% of the vulnerabilities in the code. It is the most powerful solution on the market: its competitors detect only 60% of existing vulnerabilities

      Operates in a decentralized manner in the cloud, allowing unlimited scalability

      bugScout enables its partners, through the solution's appliances, to build and manage their own clouds

      bugScout is designed to audit multiple code bases simultaneously without performance penalty
Advantages (1 of 2)

•   bugScout reduces the cost of a manual audit by more than 90%

•   bugScout cuts the waiting time for results by more than 99%

•   bugScout is integrated into the software development cycle, speeding up business processes
Advantages (2 of 2)

•   bugScout allows errors to be corrected in real time, encouraging learning within the development team

•   bugScout allows the entire application to be audited in full

•   bugScout audits are more accurate: its technology can effectively track the whole code base

•   Avoids uncontrolled errors: denial of service attacks, unintended spam…

•   bugScout updates its public and private signatures in real time, thanks to the recurrent nature of its technology

•   bugScout integrates easily with the software development cycle

•   bugScout connects directly to the development repository and can audit the software from minute one,
    without interrupting the production process
- Technology and features

•   bugScout consists of a web console offering multiple functions for operating easily on the code, with no
    heavy agents or prior software installation on the client side

•   Also includes:
        A detection system for public and private vulnerabilities, updated daily

        Multi-audit platform, capable of analysing several code bases simultaneously without affecting performance

        Multi-user access platform with granular permissions
The environment - Portal access
The environment - Modular, extensible and scalable

(Architecture diagram: Framework 1 … Framework N, each exposing Tasks, Licenses and Query, sit on a distributed communication bus (backend). Below the bus, Core 1 … N receive Tasks and Licenses and pass them through a Scheduler, a Decompression stage and a Decoded stage, then hand off to the Engine, whose Motor 1 … N evaluate vulnerability families Fam. 1 … N with patterns P1 … PN under conditions Cond. 1 … N and produce the Result.)
The environment - Modular, extensible and scalable

         1. Framework. User interface to access up to 6 modules

         2. Core. Source code analyzer

         3. BackEnd. Secure storage of code, reports, and the vulnerability and solution databases
Framework - Modules (1 of 5)

    1. Dashboard

•    User-configurable start page from which to review, at a glance, the security of the company's applications

•    The work area is editable: charts can be added, modified and/or deleted, and rearranged or resized using
     drag & drop

•    The charts are also interactive, so hovering the pointer over them shows the values they represent

•    To make this possible, the design relies on the latest Web 2.0 techniques, without sacrificing security
     or performance
Framework - Modules: Dashboard (2 of 5)
Framework - Modules (3 of 5)

    2. Projects

•    From this module, projects and applications can be classified for later analysis

•    Also from this section, manual audits can be requested, code can be re-audited to check progress, and an
     auditor can be asked to perform a penetration test or to produce a report checking the vulnerabilities

    3. Document management

•    A simple document management system for consulting automatically or manually generated reports and the
     tool's help documentation, generating asymmetric encryption keys, and performing secure uploads of the
     source code to be audited
Framework - Modules (4 of 5)

    4. Vulnerabilities

•    Module for working with the audit results: the proposed solutions, references, explanations of the
     vulnerabilities, etc.

    5. Reports

•    Module for generating technical and executive reports at different levels

    6. Administration

•    Module for managing users, groups and roles
•    Menu creation and hierarchical structure of companies (customers, suppliers)
•    The look & feel of the interface can be configured to each company's corporate standards and logos, and
     reports can be tailored to each company
Framework - Modules: Projects (5 of 5)
Core (1 of 4)

    2. Core

•    bugScout Core is a vulnerability pattern recognition system for the analysed software. The whole process
     analyses the code for patterns that would allow an attacker to access unauthorized data

•    Main functions:
      1.   Language detection

      2.   Lexical analysis

      3.   Parsing

      4.   Generation of a model of the application's software architecture

      5.   Data flow analysis

      6.   Vulnerable pattern detection

      7.   Discrimination of false positives

      8.   Communication of potential vulnerabilities found
Core (2 of 4) – Main features

(Diagram: the eight stages above shown as a pipeline: language detection → lexical analysis → parsing → generation of the application architecture model → data flow analysis → vulnerable pattern detection → discrimination of false positives → communication of potential vulnerabilities found)
Core – Main features (3 of 4)

     2. Core

1.    Language detection: using different filters and patterns, bugScout Core determines which language each
      file contains and generates the basic structure needed to continue the process

2.    Lexical analysis: the essential first step in analysing a language; bugScout Core integrates directly
      with the lexical analyser of each language

3.    Parsing: bugScout Core uses the parser that each language itself defines, since that is the most accurate
      way to profile the sources. At times this requires certain amendments so that the application's software
      architecture can be built

4.    Generation of the application architecture model: an in-memory representation of the code under
      analysis, but with a higher degree of precomputation, so that operations on the tree that require high
      computational effort can be performed in minimal time
Core – Main features (4 of 4)

     2. Core

5.    Data flow analysis: the comprehension of the source code itself, which is analysed to determine whether
      the code contains vulnerability patterns

6.    Vulnerable pattern detection: for the search for vulnerabilities, bugScout Core relies on a plug-in
      architecture that makes it easy to ship future signature updates based on newly discovered vulnerable
      patterns. These plug-ins, based on regular expressions written specifically for each language, determine
      with a high degree of probability whether a vulnerability exists in the code

7.    Discrimination of false positives: performs the necessary backtracking and, depending on the conditions
      under which the pattern was found in this particular code, discards or confirms whether the pattern
      represents a real risk

8.    Communication of potential vulnerabilities found: in this step bugScout Core reports the security flaws
      found in the code to the visual layer for display
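As an added example (not bugScout's code, nor a description of its internals), here is a toy analyser that walks the eight stages listed on the previous two slides for Python source: stage 1 by file extension and content signatures, stages 2 to 4 through the language's own lexer, parser and tree (the standard `ast` module), stage 5 as per-function taint tracking, stage 6 with a small assumed table of sources, sinks and sanitizers standing in for the regex signature plug-ins, stage 7 by discarding values that are constant, sanitized, or passed in a non-dangerous argument position, and stage 8 as a report line per finding. The source, sink and sanitizer lists and the sample input are constructed for illustration.

```python
"""Toy static analyser following the eight-stage pipeline described above. Added example,
not bugScout code: target language, source/sink/sanitizer lists and sample input are assumed."""
import ast
import re
from collections import namedtuple

Finding = namedtuple("Finding", "function line sink")

# Stage 1: language detection, first by extension, then by content signature.
EXTENSIONS = {".py": "python", ".php": "php", ".js": "javascript"}
SIGNATURES = [(re.compile(r"\A#!.*\bpython"), "python"), (re.compile(r"<\?php"), "php")]
# Python plug-in (stage 6 signatures): assumed, illustrative lists.
SOURCES = {"input", "sys.argv", "request.args"}           # attacker-controlled data
SINKS = {"cursor.execute": 0, "os.system": 0, "eval": 0}   # name -> index of the dangerous argument
SANITIZERS = {"int", "shlex.quote"}                        # calls that neutralise taint


def detect_language(filename, source):
    for ext, lang in EXTENSIONS.items():
        if filename.endswith(ext):
            return lang
    for pattern, lang in SIGNATURES:
        if pattern.search(source):
            return lang
    return "unknown"


def _dotted(node):
    """'a.b.c' for a Name/Attribute chain, None for any other node."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = _dotted(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def _is_tainted(expr, tainted):
    """Stage 5: does the expression carry attacker data? A sanitizer call stops
    propagation, which is how stage 7 discards wrapped values as false positives."""
    name = _dotted(expr)
    if name is not None:
        return name in SOURCES or name.split(".")[0] in tainted
    if isinstance(expr, ast.Call) and _dotted(expr.func) in SANITIZERS:
        return False
    return any(_is_tainted(child, tainted) for child in ast.iter_child_nodes(expr))


def _statements(body):
    """Yield statements in source order, descending into if/for/while/try blocks."""
    for stmt in body:
        yield stmt
        if not isinstance(stmt, ast.FunctionDef):        # nested defs are analysed on their own
            for field in ("body", "orelse", "finalbody"):
                yield from _statements(getattr(stmt, field, []))


def analyze(filename, source):
    """Stages 1-7: Findings where tainted data reaches a sink's dangerous argument."""
    if detect_language(filename, source) != "python":
        return []                        # only a Python plug-in exists in this toy
    tree = ast.parse(source)             # stages 2-4: the language's own lexer, parser and tree
    findings = []
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()                  # names holding attacker data, tracked per function
        for stmt in _statements(func.body):
            # Stage 6: pattern detection on every call in this statement
            for call in (n for n in ast.walk(stmt) if isinstance(n, ast.Call)):
                sink, idx = _dotted(call.func), SINKS.get(_dotted(call.func))
                if idx is not None and idx < len(call.args) and _is_tainted(call.args[idx], tainted):
                    findings.append(Finding(func.name, stmt.lineno, sink))
            # Stage 5: propagate taint through assignments; a clean overwrite clears it
            if isinstance(stmt, ast.Assign):
                targets = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if _is_tainted(stmt.value, tainted):
                    tainted |= targets
                else:
                    tainted -= targets
    return sorted(findings, key=lambda f: f.line)


def report(filename, findings):
    """Stage 8: one human-readable line per confirmed finding."""
    return [f"{filename}:{f.line}: tainted data reaches {f.sink}() in {f.function}()" for f in findings]


# Constructed sample input, not real customer code: only lookup() and ping_bad() are true positives.
SAMPLE = '''\
import os, shlex
def lookup(cursor):
    user = input("user: ")
    query = "SELECT * FROM users WHERE name = '%s'" % user
    cursor.execute(query)
def lookup_safe(cursor):
    user = input("user: ")
    cursor.execute("SELECT * FROM users WHERE name = %s", (user,))
def ping():
    host = input("host: ")
    os.system("ping -c 1 " + shlex.quote(host))
def ping_bad():
    host = input("host: ")
    cmd = f"ping -c 1 {host}"
    os.system(cmd)
def sleep():
    n = input("seconds: ")
    n = int(n)
    os.system("sleep %d" % n)
'''
```

Calling `report("sample.py", analyze("sample.py", SAMPLE))` returns two lines, for `cursor.execute(query)` on line 5 and `os.system(cmd)` on line 15. The parameterised query, the `shlex.quote`d host and the `int`-cast value are discarded. That is the practical point of stages 5 and 7: a pure regex signature for `os.system(` or `.execute(` (stage 6 alone) would flag all five calls in the sample, and the analyst would have to dismiss three of them by hand. The toy is deliberately limited: taint is tracked per function and flow-insensitively across branches, there is no inter-procedural tracking, and the source/sink table is far smaller than a real plug-in's, so it illustrates the shape of the pipeline rather than its coverage.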
BackEnd (1 of 4)

    3. BackEnd

•    bugScout BackEnd stores in the cloud the data the tool works with. Our BackEnd model incorporates the
     latest technologies, allowing maximum efficiency and compatibility of the stored data, in a secure
     environment, which is the essential feature of a maximum-security environment

•    Advantages
         Improved development time

         Improved effectiveness

         Scalability

         Flexibility

         Availability

         Management

         Security
BackEnd (2 of 4)

(Diagram: data flow and control flow between a Controller Unit and a Connector; data passes through a database controller ("BBDD Controller") to 1 … N databases ("BBDD").)
BackEnd (3 of 4)

    3. BackEnd

•    The bugScout BackEnd architecture provides a flexible and conceptually simple design, which allows a fast
     and flexible environment to be developed

•    Integrating cloud storage technology gives our systems and networks the capacity to grow and scale with
     minimal manual intervention

•    Security is an integral part of cloud computing. The architectural design of a group of systems that work
     directly on highly sensitive information must protect that information accordingly. bugScout BackEnd goes
     a step further by integrating cloud storage with three key additional services:
         Resizing

         Disaster recovery

         Data and communications security
BackEnd (4 of 4)

    3. BackEnd

•    bugScout BackEnd presents a secure, flexible and scalable management system:

         FileNetSystem, a paradigm whereby each of the cloud storage systems can be managed independently from a
          single console

         A management system enabling self-configuration of expansion modules. The driver modules themselves can
          detect new infrastructure and adapt the current configuration, presenting the administrator with the
          available options and making it easier to scale the system

•    bugScout BackEnd provides the following benefits:
         Compliance with laws and regulations

         Hardware failover

         Long-term viability of IT resources

         Secured assets in physical environments

         Data isolation
Why bugScout is the best solution?

•   bugScout has been designed by one of the best qualified teams, with projects worldwide

•   Does not require extensive security knowledge

•   bugScout achieves the best detection and false positive rates on the market

•   It is the first language-independent tool that does not rely on conversion to an intermediate
    pseudo-code. This extends the detection rate, making it possible to locate errors and deprecated
    library functions, vulnerabilities, sensitive information in comments, etc.

•   bugScout automatically corrects the vulnerable parts of the code, proposing effective
    solutions for building secure applications

•   Lets you easily manage vulnerabilities, reporting, documentation storage, statistics,
    historical tracking…
www.buguroo.com




                         For further information please contact:
                                            sales@buguroo.com
                                           Tel.: (34) 917 816 160
                  Plaza Marqués de Salamanca, 3-4, 28006 Madrid

Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
 
20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results
 
Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
 

Recently uploaded

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 

Recently uploaded (20)

Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 

We present Bugscout

  • 1. For further information please contact: sales@buguroo.com
  • 2. Current Issues
    Threats: ‘Creating an extension that enables unauthorized access to Facebook and Twitter accounts’ (Source: www.elmundo.es)
    Vulnerability: ‘How was the Stuxnet attack directed against Iran’s nuclear facilities’ (Source: www.elpais.com)
    Fines: ‘Record fine of € 2.8M to the British subsidiary of the insurer Zurich for having lost data from tens of thousands of customers’ (Source: AFP)
  • 3. Risks of unsafe programming
    Threats: ‘95% of intending attacks are against the application’
    Vulnerability: ‘Over 90% of Internet vulnerabilities are in the code’
    Fines: ‘The result of an attack or data loss involves serious legal consequences to the company’
  • 4. Statistics: Vulnerabilities in Internet applications (1 of 2)
    Bar chart: % of vulnerabilities located for each type of test, by severity (Urgent, Critical, High, Medium, Low), for % Sites (All), % Sites (Scans), % Sites (Blackbox) and % Sites (WhiteBox). Source: WASC (Web Application Security Consortium)
  • 5. Statistics: Vulnerabilities in Internet applications (2 of 2)
    Pie chart: % most common vulnerabilities (XSS, Information Leakage, SQLi, Insufficient Transport Layer Protection, Fingerprinting). Pie chart: % sectors affected by attacks (Finance, Education, Information, Social/Web, Media, Retail, Technology, Internet, Government, Entertainment). Source: WASC (Web Application Security Consortium)
  • 6. Limitations on current solutions
    Black box audit limitations
    • Do not audit the whole application
    • Are less accurate
    • May incur service degradation
    Manual audit limitations
    • Costs. Despite being one of the most effective solutions, the magnitude of the source code is so vast that audits of this type are often scrapped on cost grounds
    • Timeouts. The delivery of reports in a manual code audit requires such long wait times that decisions are often made before the results are delivered
    Common limitations to both audits
    • Depend on development completion
    • They do not address future vulnerabilities: every day new security holes are found
    • Do not include software updates, causing the rapid obsolescence of the audited work
  • 7. Our Solution
    • buguroo has designed and implemented bugScout, the most powerful managed service on the market for the analysis of vulnerabilities in source code:
       bugScout automatically detects over 94% of vulnerabilities in the code. It is the most powerful solution on the market: its competition only detects 60% of existing vulnerabilities
       Operates in a decentralized manner in the cloud, allowing unlimited scalability
       bugScout enables its partners, through its solution’s appliances, to build and manage their own clouds
       bugScout is designed to audit multiple codes simultaneously without performance penalty
  • 8. Advantages (1 of 2)
     bugScout reduces the cost of manual audit by more than 90%
     bugScout is integrated into the software development cycle, speeding up business processes
     bugScout reduces the waiting time for results by more than 99%
  • 9. Advantages (2 of 2)
    • bugScout allows correction of errors in real time, encouraging learning by the developers’ team
    • bugScout enables auditing of the entire application in full
    • bugScout audits are more accurate: its technology can effectively track the whole code
    • Avoids uncontrolled errors: Denial of Service attacks, unintended spam…
    • bugScout updates public and private signatures in real time, due to the recurrent nature of its technology
    • bugScout easily integrates with the software development cycle
    • bugScout connects directly to the development repository and can audit the software from minute one, without interrupting the production process
  • 10. Technology and features
    • bugScout consists of a Web console offering multiple functionalities to operate easily on the code, avoiding any heavy agents or prior installation of software on the client
    • It also includes:
       A detection system for public and private vulnerabilities, updated daily
       A multi-audit platform, capable of analyzing code simultaneously without interfering with performance
       A multi-user access platform with permission granularity
  • 11. The environment - Portal access
  • 12. The environment - Modular, extensible and scalable
    Architecture diagram showing Framework 1 … Framework N (each exposing Tasks, Licenses and Query), a distributed communications bus (BackEnd), Core 1 … N, and the Core Engine (Scheduler: Tasks, Licenses, Result; Motor 1 … Motor N with Decompression and Decoded stages; Fam. 1 … Fam. N; P1 … PN; Cond. 1 … Cond. N)
  • 13. The environment - Modular, extensible and scalable
    1. Framework. Interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and solutions
  • 14. Framework - Modules (1 of 5)
    1. Dashboard
    • User-configurable start menu from which you can take a look at and review the security of the company’s applications
    • The work area is editable: graphics can be added, modified and/or deleted, and rearranged or resized using drag & drop
    • The graphics are also interactive: moving the pointer over them shows the values they represent
    • To make this possible, the design relies on the latest web 2.0 techniques, without sacrificing security and performance
  • 15. Framework - Modules: Dashboard (2 of 5)
  • 16. Framework - Modules (3 of 5)
    2. Projects
    • From this module, projects and applications can be classified for later analysis
    • Also from this section, manual audits can be requested, code can be re-audited to check on progress, and an auditor can be asked to perform a penetration test or a report to check vulnerabilities
    3. Document management
    • A simple Document Management System allows consulting reports generated automatically or manually, as well as help documentation on the tool; generating asymmetric encryption keys; and performing secure uploads of source code to audit
  • 17. Framework - Modules (4 of 5)
    4. Vulnerabilities
    • Module from which to work with the results of audits; it enables verifying the proposed solutions, references, explanations of the vulnerabilities, etc.
    5. Reports
    • Module to generate technical and executive reports at different levels
    6. Administration
    • Module for managing users, groups and roles
    • Menu creation oriented to the hierarchical structure of companies (customers, suppliers)
    • The look & feel of the interface can be configured according to the standards and corporate logos of each company, and reports can be generated tailored to each company
  • 18. Framework - Modules: Projects (5 of 5)
  • 19. The environment - Modular, extensible and scalable
    1. Framework. User interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and Solutions
  • 20. Core (1 of 4)
    2. Core
    • bugScout Core consists of a vulnerability pattern recognition system for the analyzed software. The entire process provides a reliability analysis of the code to detect patterns that would allow an attacker to access unauthorized data
    • Main functionalities:
      1. Detection of language processing
      2. Lexical analysis
      3. Parsing
      4. Generation of modeling software application architecture
      5. Data flow analysis
      6. Vulnerable pattern detection
      7. Discrimination of false positives
      8. Communication of potential vulnerabilities found
  • 21. Core (2 of 4) – Main features
    Flow diagram of the eight stages: Detection of language processing → Lexical analysis → Parsing → Generation of modeling software application architecture → Data flow analysis → Vulnerable pattern detection → Discrimination of false positives → Communication of potential vulnerabilities found
  • 22. Core – Main features (3 of 4)
    2. Core
    1. Detection of language processing: using different filters and patterns, bugScout Core determines which language each file contains and proceeds to generate the basic structure needed to continue the process
    2. Lexical analysis: an essential process to begin the analysis of a language; to do so, bugScout Core integrates directly with the lexical analyzer of each language
    3. Parsing: bugScout Core uses the parser that each language itself defines, since it is the most accurate way to profile the sources. At times this requires certain amendments in order to build the application software architecture
    4. Generation of modeling software application architecture: the in-memory representation of the code to analyze, but with a greater degree of computation, allowing operations on the tree that require high computational effort to be performed in minimum time
  • 23. Core – Main features (4 of 4)
    2. Core
    5. Data flow analysis: the understanding of the source code itself, which will be analyzed to determine whether the code contains vulnerability patterns
    6. Vulnerable pattern detection: for the search for vulnerabilities, bugScout Core relies on a complex plug-in architecture that will facilitate future updates of signatures based on new vulnerable patterns. Through these plug-ins, based on regular expressions written expressly for each specific language, it can be determined with a high degree of probability whether there is a vulnerability in the code
    7. Discrimination of false positives: performs the necessary backtracking and discards, depending on the conditions of the pattern found and the particular code it represents, confirming whether or not such a pattern is a real risk
    8. Communication of potential vulnerabilities found: in this process bugScout Core communicates to the visual layer the existence of security flaws in the code, for display
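The eight Core stages described on slides 20 to 23 (language detection, lexing, parsing, in-memory model, data flow analysis, pattern detection, false positive discrimination, reporting) map onto a small taint-tracking analyzer. The block below is an added example written for this page, not bugScout's code nor a description of its internals: it assumes a Flask-style Python application, and the source, sink and sanitizer tables and the sample program are constructed for the illustration.

```python
# Toy static taint analysis illustrating the eight Core stages from the slides.
# Not bugScout's code: the source/sink/sanitizer tables below are assumptions
# for a Flask-style Python web application.
import ast
from pathlib import PurePosixPath

EXT_LANG = {".py": "python", ".php": "php", ".java": "java"}        # stage 1 (assumed)
TAINT_SOURCES = {"request.args.get", "request.form.get", "input"}   # stage 6 plug-in (assumed)
SINKS = {"cursor.execute": "sql-injection", "os.system": "command-injection", "eval": "code-injection"}
SANITIZERS = {"int", "float", "shlex.quote"}   # calls whose result is treated as clean


def detect_language(filename, content):
    # Stage 1: file extension first, then a shebang hint for extension-less files.
    lang = EXT_LANG.get(PurePosixPath(filename).suffix)
    first = content.splitlines()[0] if content else ""
    if lang is None and first.startswith("#!") and "python" in first:
        lang = "python"
    return lang


def dotted_name(node):
    """request.args.get -> 'request.args.get'; None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    return ".".join(reversed(parts + [node.id])) if isinstance(node, ast.Name) else None


class TaintAnalyzer(ast.NodeVisitor):
    """Stages 5-7: follow untrusted data through assignments into sinks."""

    def __init__(self):
        self.tainted, self.findings = {}, []   # var name -> source; hits found

    def first_taint(self, nodes):
        for n in nodes:
            if src := self.taint_of(n):
                return src
        return None

    def taint_of(self, node):
        """Return the taint source an expression derives from, or None if clean."""
        if isinstance(node, ast.Name):
            return self.tainted.get(node.id)
        if isinstance(node, ast.Call):
            name = dotted_name(node.func)
            if name in TAINT_SOURCES:
                return name
            if name in SANITIZERS:                  # stage 7: sanitised value is clean
                return None
            operands = list(node.args)
            if isinstance(node.func, ast.Attribute):
                operands.append(node.func.value)    # "...".format(x), x.strip()
            return self.first_taint(operands)
        if isinstance(node, ast.BinOp):                 # "SELECT ... " + user_input
            return self.first_taint([node.left, node.right])
        if isinstance(node, ast.JoinedStr):             # f"ping {host}"
            return self.first_taint([v.value for v in node.values
                                     if isinstance(v, ast.FormattedValue)])
        return None

    def visit_Assign(self, node):
        src = self.taint_of(node.value)
        for target in node.targets:
            if isinstance(target, ast.Name):
                if src:
                    self.tainted[target.id] = src
                else:
                    self.tainted.pop(target.id, None)   # clean reassignment clears taint
        self.generic_visit(node)

    def visit_Call(self, node):
        name = dotted_name(node.func)
        # Stage 7: only the query/command text (first argument) matters, so a
        # parameterised cursor.execute(CONST, (tainted,)) is discarded as a false positive.
        if name in SINKS and node.args and (src := self.taint_of(node.args[0])):
            self.findings.append({"line": node.lineno, "sink": name,
                                  "kind": SINKS[name], "source": src})
        self.generic_visit(node)


def analyze(filename, source):
    """Stages 1-8 end to end; the returned dicts are what stage 8 hands to the console."""
    if detect_language(filename, source) != "python":
        return []                        # only a Python plug-in exists in this toy
    analyzer = TaintAnalyzer()
    analyzer.visit(ast.parse(source))    # stages 2-4: Python's own lexer/parser, AST as model
    return analyzer.findings


# Constructed sample program (not real application code); lines 4 and 8 are the hits.
SAMPLE = '''\
def lookup(cursor):
    user_id = request.args.get("id")
    q = "SELECT * FROM users WHERE id = " + user_id
    cursor.execute(q)
    safe_id = int(request.args.get("id"))
    cursor.execute("SELECT * FROM users WHERE id = %s", (safe_id,))
    host = input("host? ")
    os.system(f"ping -c 1 {host}")
'''
```

Running `analyze("app.py", SAMPLE)` reports two findings (the concatenated query on line 4 and the f-string command on line 8) and discards the parameterised query on line 6 and the `int()`-sanitized variable, which is the false positive discrimination the slides call stage 7. A production engine differs mainly in scale: inter-procedural propagation, per-language plug-ins and a much larger signature table, exactly the parts a plug-in architecture is meant to keep updatable.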
  • 24. The environment - Modular, extensible and scalable
    1. Framework. User interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of codes, reports and Vulnerability Data Bases and solutions
  • 25. BackEnd (1 of 4)
    3. BackEnd
    • bugScout BackEnd stores in the Cloud the data the tool works with. Our BackEnd model incorporates the latest technologies, which allow maximum efficiency and compatibility of stored data in a secure environment, the essential feature of a maximum security environment
    • Advantages
       Improved development time
       Improved effectiveness
       Scalability
       Flexibility
       Availability
       Management
       Security
  • 26. BackEnd (2 of 4)
    Diagram of the BackEnd: a Controller Unit and a Connector carry the data flow and control flow between the tool and the database layer (BBDD Controller, BBDD 1…N)
  • 27. BackEnd (3 of 4)
    3. BackEnd
    • The bugScout BackEnd architecture provides a flexible and conceptually simple design, which allows a fast and flexible environment to be developed
    • Integration of Cloud Storage technology gives our systems and networks the capacity to grow and scale with minimum manual handling
    • Safety is an integral part of computing in the cloud: the architectural design of a group of systems that work directly on highly sensitive information must protect that information accordingly. bugScout BackEnd goes a step further by integrating Cloud Storage with three key additional services:
       Resizing
       Disaster Recovery
       Data and communications security
  • 28. BackEnd (4 of 4)
    3. BackEnd
    • bugScout BackEnd presents a secure, flexible and scalable management system:
       FileNetSystem, a paradigm under which each of the Cloud Storage Systems can be managed independently from a single console
       A management system enabling self-configuration of expansion modules. The driver modules themselves are capable of detecting new infrastructure and adapting the present configuration, giving the administrator the available options and facilitating the scaling of the system
    • bugScout BackEnd provides the following benefits:
       Compliance with laws and regulations
       Hardware failover
       Long feasibility of IT resources
       Secured assets in physical environments
       Data isolation
  • 29. Why is it the best solution?
    • bugScout has been designed by one of the best and most qualified teams, with projects worldwide
    • Does not require extensive knowledge of security
    • bugScout achieves the best detection and false positive rates on the market
    • This is the first tool that is language-independent without converting to pseudo-code, thus extending the detection rate and being able to locate errors and deprecated library functions, vulnerabilities, sensitive information in comments, etc.
    • bugScout automatically corrects the vulnerable parts of the code, proposing effective solutions to build secure applications
    • Lets you easily manage vulnerabilities, reporting, stored documentation, statistics, historical control…
  • 30. www.buguroo.com For further information please contact: sales@buguroo.com Tel.: (34) 917 816 160 Plaza Marqués de Salamanca, 3-4, 28006 Madrid