View

Sorting

Products found: 6

logo
Offer a reference bonus
1.40

Acunetix Vulnerability Scanner

With the uptake of cloud computing and advancements in browser technology, web applications have become a core component of business processes, and a lucrative target for hackers. Organizations must make web application security not only a priority, but a fundamental requirement. Enter Acunetix Vulnerability Scanner! A Firewall is not enough Firewalls, SSL and hardened networks are futile against web application hacking. Web attacks are carried out over HTTP and HTTPS; the same protocols that are used to deliver content to legitimate users. Web applications are often tailor-made and tested less than off-the-shelf-software; the repercussions of a web attack are often worse than traditional network-based attacks.
  • Detects over 4500 web application vulnerabilities.
  • Scan open-source software and custom-built applications.
  • Detects Critical Vulnerabilities with 100% Accuracy.
Technology Leader in Automated Web Application Security Acunetix are the pioneers in automated web application security testing with innovative technologies including:
  • DeepScan Technology – for crawling of AJAX-heavy client-side Single Page Applications (SPAs).
  • Industry’s most advanced SQL Injection and Cross-site Scripting testing – includes advanced detection of DOM-based XSS.
  • AcuSensor Technology – Combines black box scanning techniques with feedback from its sensors placed inside source code.
Fast, Accurate, Easy to Use Multi-threaded, lightning fast crawler and scanner that can crawl hundreds of thousands of pages without interruptions.
  • Highest detection of WordPress vulnerabilities – scans WordPress installations for over 1200 known vulnerabilities in WordPress’ core, themes and plugins.
  • An easy to use Login Sequence Recorder that allows the automatic scanning of complex password protected areas.
  • Review vulnerability data with built-in vulnerability management. Easily generate a wide variety of technical and compliance reports.
... Learn more
-
ROI-
-
4
8
logo
Offer a reference bonus
1.70

AppSpider

While today’s malicious attackers pursue a variety of goals, they share a preferred channel of attack—the millions of custom web, mobile, and cloud applications companies deploy to serve their customers. AppSpider dynamically assesses these applications for vulnerabilities across all modern technologies, provides tools that speed remediation and monitors applications for changes. Keep your applications safe and secure—now and moving forward. KNOW YOUR WEAK POINTS AppSpider automatically finds vulnerabilities across a wide range of applications— from the relatively simple to the most complex—and it includes unique capabilities and integrations that enable teams to automate more of the security testing program across the entire software development lifecycle (SDLC), from creation through production. Coverage is the first step to scanner accuracy. Scanners were originally built with a crawl and attack architecture, but crawling doesn’t work for web services and other dynamic technologies. AppSpider can still crawl traditional name=value pair formats like HTML, but it also has a Universal Translator that can interpret the new technologies being used in today’s web and mobile applications (AJAX, GWT, REST, JSON, etc.). With AppSpider, you can: • Close the coverage gap with our Universal Translator • Intelligently simulate real-world attacks • Continuously monitor your applications • Stay authenticated for deep assessment AppSpider includes interactive actionable reports that prioritize the highest risk and streamline remediation efforts by enabling users to quickly get to and analyze the data that matters most. With one click, you can drill deep into a vulnerability to get more information and replay attacks in real-time. Sifting through pages and pages of vulnerabilities in a PDF report takes too much time. AppSpider provides interactive, actionable reports that behave like web pages with an intuitive organization and links for deeper analysis. The analysis doesn’t have to be tedious: Findings are organized and consolidated by attack types (XSS, SQLi, etc.), and with one click, you can drill deep into a vulnerability to get more information. AppSpider’s sophisticated reports reduce remediation time and streamline communication with developers. With AppSpider, you can: • Conduct deeper analysis with interactive reports • Quickly replay web attacks • Categorize applications for easy reporting In order to improve your overall security posture, you need a high-level view of your application security program that enables you to see where things stand. AppSpider enables centralized control, automation, and interoperability over all aspects of your enterprise web application security program, including continuous scanning configuration, user permissions, scheduling, and monitoring. In addition, AppSpider includes trends and analyze data to help collaborate with all stakeholders toward improved security posture. Time is critical when remediating vulnerabilities. Using innovative automated rule generation, AppSpider’s defensive capabilities help security professionals patch web application vulnerabilities almost immediately—in a matter of minutes, instead of days or weeks. Without the need to build a custom rule for a web application firewall (WAF) or intrusion prevention system (IPS), or the need to deliver a source code patch, our software allows you the time to identify the root cause of the problem and fix it in the code. With AppSpider, you can: • Manage and control application security programs • Automate targeted virtual patching • Meet compliance requirements • Integrate into your DevSecOps workflow
... Learn more
-
ROI-
-
14
0
logo
Offer a reference bonus
1.00

Fortify WebInspect

  • Most comprehensive and accurate dynamic scanning tool. Seamlessly crawl modern frameworks and web technology. Use dynamic analysis to show exploitability of web application and web server vulnerabilities.
  • Automation and enterprise workflow integration. Fully automated solution that helps meet DevOps and scalability needs. Integrates with the SDLC without additional overhead.
  • Available on-premise, as a service or in hybrid. Start on-premise or as a service and expand according to your business needs. Manage DAST on-premise and as a service program centrally.
  • Compliance management. Pre-configured policies and reports for all major compliance regulations related to web application security, including PCI DSS, DISA STIG, NIST 800-53, ISO 27K, OWASP, and HIPPAA.
  • Manage enterprise application security risk. Manage application security risk and create reports for remediation and for management oversight. Monitor trends and use dynamic analysis to take action on vulnerabilities within an application.
  • Optimize scan results with agent technology. Get additional visibility and stack trace insight from scanned web applications. Optimize the scanning process based for both speed and accuracy using this technology.
WebInspect automation workflows WebInspect automation workflows use build automation tools to manage the dynamic scanning ecosystem, including QA testing and cloud deployments.  Dynamic analysis (DAST), combined with static analysis (SAST), provides more thorough coverage, but automating dynamic is more complex. You can either build your own tech stack, or borrow a framework. This guide helps you accelerate your automation by using existing test automation scripts/frameworks that other enterprises have already created as part of their DevOps practices.
... Learn more
-
-
ROI-
-
12
14
logo
Offer a reference bonus
2.00

IBM Security AppScan Standard

Safeguard apps with static and dynamic testing across their lifecycle In today’s increasingly sophisticated threat landscape, the ramifications of under-secured web, mobile, cloud and open source applications can be dire. And since applications can compromise security across your entire organization, adopting an application security strategy that can protect apps throughout the development lifecycle needs to be a top priority. IBM® Security AppScan® and IBM Application Security on Cloud enhance web and mobile application security, improve application security program management and strengthen regulatory compliance for organizations of any size. Dynamic analysis (DAST), static analysis (SAST) and open-source testing help you identify risks, create prioritized remediation plans, and drive precise, actionable results. Why IBM Security AppScan
  • Identify and fix vulnerabilities. Reduce risk exposure by identifying vulnerabilities early in the software development lifecycle.
  • Maximize remediation efforts. Classify and prioritize application assets based on business impact and identify high-risk areas.
  • Decrease likelihood of attacks. Test applications prior to deployment and for ongoing risk assessment in production environments.
... Learn more
ROI-
-
19
7
logo
Offer a reference bonus
1.00

Netsparker Web Application Security Scanner

Audit the Security of Your Websites with Netsparker Web Application Security Scanner Netsparker finds and reports web application vulnerabilities such as SQL Injection and Cross-site Scripting (XSS) on all types of web applications, regardless of the platform and technology they are built with. Netsparker’s unique and dead accurate Proof-Based ScanningTM technology does not just report vulnerabilities, it also produces a Proof of Concept to confirm they are not false positives. Freeing you from having to double check the identified vulnerabilities. Netsparker Desktop Netsparker Desktop is available as a Windows application and is an easy-to-use web application security scanner that uses our advanced Proof-Based ScanningTM technology and has built-in penetration testing and reporting tools. Netsparker Cloud Netsparker Cloud is a scalable multi-user online web application security scanning solution. It uses our unique Proof-Based ScanningTM technology and has built-in enterprise workflow tools to help enterprises scan and manage the security of 100s and 1000s of websites.
  • Automatic Detection. Automatically detect XSS, SQL Injection and other web application vulnerabilities.
  • Dead Accurate. Use your time fixing vulnerabilities and not verifying the scanner’s findings.
  • Scalable. Easily scan 100s and 1000s of web applications simultaneously with a fully scalable service.
  • Integration. Easily integrate web security scanning in the SDLC & continuous development systems.
Why Should You Scan Your Websites for Vulnerabilities? Businesses rely on web applications because they allow employees to access critical data from anywhere at anytime, enabling them to collaborate with business partners and be more productive.  Business-focused web applications tend to be susceptible to vulnerabilities that can be automatically detected and easily exploited. Statistics and reports from trusted sources show a constant upwards trend in successful hack attacks.  Beat malicious hackers at their own game; identify and fix vulnerabilities in your web applications before they find and exploit them. Use the Netsparker automated web application security scanners to automatically identify exploitable vulnerabilities and other security flaws that can leave you and your business exposed.
... Learn more
-
-
ROI-
-
3
0
logo
Offer a reference bonus
1.00

PortSwigger Web Security Burp Suite

Automated crawl and scan Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10. Different modes for scan speed, allowing fast, normal, and thorough scans to be carried out for different purposes. Scan exactly what you want. You can perform a full crawl and scan of an entire host, or a particular branch of the site content, or an individual URL. Support for numerous types of attack insertion points within requests, including parameters, cookies, HTTP headers, parameter names, and the URL file path. Support for nested insertion points allowing automatic testing of custom application data formats, such as JSON inside Base64 inside a URL-encoded parameter. Burp’s advanced application-aware crawler can be used to map out application contents, prior to automated scanning or manual testing. Use fine-grained scope-based configuration to control exactly what hosts and URLs are to be included in the crawl or scan. Automatic detection of custom not-found responses, to reduce false positives during crawling. Advanced scanning for manual testers View real-time feedback of all actions being performed during scanning. The active scan queue shows the progress of each item that is queued for scanning. The issue activity log shows a sequential record of all issues as they are added or updated. Use the active scanning mode to interactively test for vulnerabilities like OS command injection and file path traversal. Use the passive scanning mode to identify flaws such as information disclosure, insecure use of SSL, and cross-domain exposure. You can place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats. Burp Scanner can automatically move parameters between different locations, such as URL parameters and cookies, to help evade web application firewalls and other defenses.automatically move parameters You can fully control what gets scanned using live scanning as you browse. Each time you make a new request that is within your defined target scope, Burp automatically schedules the request for active scanning. Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting. Different modes for scan accuracy, to optionally favor more false positives or negatives. Cutting-edge scanning logic Burp Scanner is designed by industry-leading penetration testers. Its advanced feedback-driven scanning logic is designed to reproduce the actions of a skilled human tester. Advanced crawling capabilities (including coverage of the latest web technologies such as REST, JSON, AJAX and SOAP), combined with its cutting-edge scanning engine, allow Burp to achieve greater scan coverage and vulnerability detection than other fully automated web scanners. Burp has pioneered the use of highly innovative out-of-band techniques to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed. Out of band techniques The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application. Burp Scanner includes a full static code analysis engine for detection of security vulnerabilities within client-side JavaScript, such a DOM-based cross-site scripting. Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and path-relative stylesheet imports. Clear and detailed presentation of vulnerabilities The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available. The sitemap also shows the vulnerabilities that have been identified. Icons in the site tree allow vulnerable areas of the target to be quickly identified and explored. Vulnerabilities are rated for severity and confidence to help decision makers focus quickly on the most significant issues.
... Learn more
-
-
ROI-
-
2
20

The ROI4CIO Product Catalog is a database of business software, hardware, and IT services. Using filters, select IT products by category, supplier or vendor, business tasks, problems, availability of ROI calculator or price calculator. Find the right business solutions by using a neural network search based on the results of deployment products in other companies.