
Secure Decisions releases new technology to help streamline and enhance web application penetration testing

02/04/2019 | 11:06am EST

NORTHPORT, N.Y., Feb. 04, 2019 (GLOBE NEWSWIRE) -- Secure Decisions, a division of Applied Visions, Inc. and a leader in cyber security research, has developed a new application security testing technology, the Attack Surface Detector (ASD), that enhances software penetration testing.

Developed under the Department of Homeland Security Science and Technology Directorate’s multi-year Application Security Technologies and Metrics (ASTAM) program, ASD helps penetration testers by automating discovery of a web application’s hidden endpoints and optional parameters, identifying gaps in an application’s visible attack surface.

Automated penetration testing, a popular method to identify exploitable vulnerabilities in a web application, often fails to identify unlinked endpoints and optional parameters. This leaves untested gaps in an application’s visible attack surface. Relying on manual penetration testing to identify gaps is time-consuming and costly. It does not guarantee complete identification of an application’s attack surface, leaving an application vulnerable despite a pen tester’s best effort to secure it.

The open source ASD plugin tool helps solve this. It is available as a standalone command line interface (CLI) and as plugins for the Burp Suite (from PortSwigger) and OWASP ZAP Dynamic Application Security Testing (DAST) tools. ASD provides a complete picture of a web application’s attack surface by examining the source code via static analysis, finding hidden or unlinked endpoints, and identifying their optional parameters and data types often missed by most DAST scanners. These are then used to pre-seed the Burp Suite and OWASP ZAP scanner tools, making testing faster and more productive.

“A hacker has all the time in the world to poke and prod an application, and only needs to find one vulnerability to compromise sensitive data and leave your application at their mercy,” said Matt DeLetto, Secure Decisions Security Software Engineer. “So, it’s important to thoroughly identify the application’s attack surface. The ASD can help pen testers do just that.”

In a recent case study, CREST-certified penetration testers analyzed the same code base with and without ASD, and compared results. They reported time savings of 4-6 hours compared to the time it would take to perform the task manually.

ASD can detect endpoints in such a way that the owner of the software IP can provide the endpoint information to independent testers without providing the source code for static analysis, protecting their IP while delivering the benefits of a thorough pen test.

The Attack Surface Difference Generator compares different versions of an application and highlights changes in endpoints between the versions, allowing pen testers to focus their testing only on the modified code.

“The value of this tool is clear,” said Brianne O’Brien, Secure Decisions Program Manager for ASTAM. “Reduced pen testing effort through automation and enhanced attack surface coverage equals time and cost savings. Through the ASTAM program we strive to build effective application security tools like ASD that can be used to improve the security posture of web applications, and reduce an organization’s security risk.”

Availability

The ASD plugin is open source and freely available for download from the PortSwigger BApp Store, the OWASP ZAP Marketplace, and GitHub:

About the ASTAM Program:

The Application Security Technologies and Metrics (ASTAM) program, funded by the Department of Homeland Security (DHS) Science and Technology Directorate, seeks to improve the security of software through development and enhancement of technologies that support all aspects of the secure software development lifecycle.

ASTAM technologies automate techniques to identify cyber security threats to software applications, improve insight into code testing coverage, make it easier to incorporate AppSec into the software development pipeline, and provide meaningful metrics to security analysts and cyber risk managers about the status, progress, and trends of application security. The program brings automation to the largely manual application security process.

About Secure Decisions:

Secure Decisions, a division of Applied Visions, develops innovative technologies in cyber security, including application security, security education, network defense, and infrastructure protection. Secure Decisions automates manually-intensive security processes and supports analysis and visualization of large amounts of complex security data. Secure Decisions R&D led to development of a new application vulnerability correlation and management system, now commercially available through spin-out Code Dx, Inc.

Karen Higgins
A&E Communications, Inc.
610-831-5723 
khiggins@aandecomm.com 



© GlobeNewswire 2019