How are we different?
Intelligent Application Security Testing
AI Technology
Intelligent automation of complicated
AST tasks and processes
Hybrid Approach
Scalable and cost-effective
human intervention
Smart DevSecOps & CI/CD
Full automation of new code
detection and testing
What is the value proposition?
Cost-Efficient Application Security Testing
Zero False Positive SLA
Contractual Money-Back guarantee
for every client
Highest Vulnerability Coverage
Intelligent DAST, IAST & SCA technology
enhanced by human
Assisted Remediation
One-click virtual patching and tailored
remediation guidelines
Which scope do we cover?
Most Comprehensive Application Security Testing
Internal and External Apps
Virtual Appliance technology for
internal applications testing
Microservices and APIs
Cognitive testing of complex
web services and SPA
Mobile Applications
SAST, DAST & IAST technology
for iOS and Android apps
How do we outperform automated solutions?
Highest Vulnerability Detection Rate with Zero False-Positives
| OWASP Top 10 2017 Application Security Risks | Average Vulnerability Detection Rate |
|---|---|
| A1: Injection | |
| A2: Broken Authentication | |
| A3: Sensitive Data Exposure | |
| A4: XML External Entities (XXE) | |
| A5: Broken Access Control | |
| A6: Security Misconfiguration | |
| A7: Cross-Site Scripting (XSS) | |
| A8: Insecure Deserialization | |
| A9: Components with Known Vulnerabilities | |
| A10: Insufficient Logging & Monitoring | |

| PCI DSS 6.5.1-6.5.10 Top 10 Application Security Risks | Average Vulnerability Detection Rate |
|---|---|
| 6.5.1: Injection flaws | |
| 6.5.2: Buffer overflows | |
| 6.5.3: Insecure cryptographic storage | |
| 6.5.4: Insecure communications | |
| 6.5.5: Improper error handling | |
| 6.5.6: All high risk vulnerabilities | |
| 6.5.7: Cross-site scripting (XSS) | |
| 6.5.8: Improper access control | |
| 6.5.9: Cross-site request forgery (CSRF) | |
| 6.5.10: Broken authentication | |
Web Vulnerability Scanners
Human Augmented SaaS
How do we benchmark against penetration testing?
Unlimited Scalability, Continuity and Cost-Effectiveness
| Capacities | Web Penetration Testing | |
|---|---|---|
| Onsite Presence | | |
| Zero False-Positives | | |
| Cost-Effective Manual Testing | | |
| Continuous Security Monitoring | | |
| Just-in-Time Testing of New Code | | |
| One-Click Virtual Patching Capacities | | |
| 24/7 x 365 SOC Team at Your Service | | |