Secure Applications

Applications are strategic engines for business innovation - and a top target for cyber-criminals. But now you have an ally as big as your challenges. With our scalable cloud-based service and programmatic approach, you can finally secure your entire global application infrastructure - and continuously innovate without sacrificing security along the way.

Applications have become the path of least resistance for cyber-attackers because they are:

  • Constantly exposed to the Internet and easy to probe by outside attackers using freely available tools that look for common vulnerabilities such as SQL Injection.
  • Easier to attack than traditional targets such as the network and host operating system layers, which have been hardened over time. Plus, networks and operating systems are further protected by mitigating controls such as next-generation firewalls and IDS/IPS systems.
  • Driven by short development cycles that increase the probability of design and coding errors - because security is often overlooked when the key objective is rapid time-to-market.
  • Assembled from hybrid code obtained from a mix of in-house development, outsourced code, third-party libraries and open source - without visibility into which components contain critical vulnerabilities.
  • Likely to present a larger attack surface with Web 2.0 technologies that incorporate complex client-side logic such as JavaScript (AJAX) and Adobe Flash.

Our Application Scanning solution offers a unified way to find, secure, and monitor all of your applications. It includes:

  • Discovery: According to SANS, many organizations don't even know how many applications they have in their domains. Our Discovery service addresses this visibility gap by creating a global inventory of all your public-facing web applications such as corporate sites, temporary marketing sites, related sites (.mail, .info, etc.), international domains and sites obtained via M&A.
  • DynamicMP (Massively Parallel): Baseline your application risk by quickly identifying highly exploitable vulnerabilities such as those found in the OWASP Top 10 and CWE/SANS Top 25.
  • DynamicDS (Deep Scan): Perform a comprehensive deep scan that identifies web application vulnerabilities using both authenticated and non-authenticated scans, including looking for attack vectors such as cross-site scripting (XSS), SQL injection, insufficiently protected credentials and information leakage.
  • Virtual Scan Appliance (VSA): Perform a deep scan of applications located behind the firewall, typically in QA or staging environments, in order to find vulnerabilities prior to deployment. The VSA also helps secure internal web applications from insider attacks or attacks by malicious outsiders who gain access to insider credentials.
