Licenses for Edgescan Solutions
See an overview of the platform in a 10-minute video. Watch Demo
See an overview of the platform in a 10-minute video. Watch Demo
Licenses for Edgescan Solutions
External Attack Surface Management (EASM), Risk-based Vulnerability Management (RBVM), Application Security Testing (AST), API Security Testing, and Penetration Testing as a Service (PTaaS). We also provide mobile application security testing.
| 100% vulnerability validation – no false positives |
| Unlimited automated assessments (network scans and DAST (Application and/or API)) |
| Unlimited retesting of vulnerabilities |
| Expert remediation guidance |
| Premium support from FTE security (OSCP/CREST) experts |
| Prebuilt and custom RESTful API Integrations |
| Unlimited role-based user accounts |
| Unlimited, on-demand, customized reportingCISA KEV and EPSS correlation of applicable vulnerabilities |
Web applications (authenticated and unauthenticated), API’s (JSON, XML, WSDL, YAML and Graph), microservice architecture, single page applications, mobile applications.
Servers, routers, switches, firewalls, domain controllers, data center, desktops (any layer 2 and layer 3 devices), printers, cloud assets, container hostnames, IOT and anything that has an IP address which is visible to Edgescan. Single IP’s, hostnames, blocks, CIDR and IPV6 are all supported.
Core Value: Discovery of all internet-facing assets associated to a domain, and continuous monitoring of defined external IP range(s)
Edgescan Solutions: External Attack Surface Management, API Security Testing
Security Coverage: Domains and external IP ranges.
Internet discovery for a primary domain including, but not limited to, subdomains, internet records, registrants, and services. Continuously assesses and alerts users about network changes and APIs discovered in their defined external attack surface.
Core Value: Provides continuous vulnerability scanning across your network and peripherals
Edgescan Solutions: Risk-based Vulnerability Management
Security Coverage: Networks and infrastructure
Includes network vulnerability scanning of network assets (i.e., servers, network devices (i.e., routers, switches, firewalls, etc.), peripherals (such as IP-based printers or fax machines), and workstations), with a 100% validated result.
Core Value: Dynamic Application Security Testing providing an accurate snapshot of your overall security posture using a hybrid approach of proprietary scanning technology, automation, and human expertise.
Edgescan Solutions: Application Security Testing
Security Coverage: Web applications, network, APIs, cloud
• Includes network vulnerability scanning for the underlying host(s).
• Unauthenticated application and network layer automated test with 100% validated results
• Unlimited automated testing; User accounts and reporting
Core Value: Provides accurate assessments of your authentication enabled applications across your entire IT enterprise utilizing dynamic application security testing.
Edgescan Solutions: Risk-based Vulnerability Management, API Security Testing, Application Security Testing
Security Coverage: Web applications, network, APIs, cloud
• Provides the same level of service as outline above and in the Essentials License
• Authenticated Application and network layer testing automated test with 100% validated results.
• Integrations: ServiceNow, MS Teams, Slack integrations, custom events and notifications, etc.
Core Value: Provides accurate business logic assessments of your most complex applications while prioritizing vulnerabilities and providing remediation guidance across the enterprise.
Solutions: The entire suite of Edgescan solutions is used by certified security experts.
Security Coverage: Web applications, network, APIs, cloud, networks and infrastructure
• Provides the same level of service as outline above and in the Professional License
• Authenticated application Pen testing as a Service (PTaaS), network layer testing, and risk-based vulnerability management
• Human analysis provides a deeper level of testing to a Host/Server or Professional License by including a penetration test or business logic assessment (BLA). Testing is performed by full-time Edgescan employees who are a team of certified OSCP/CREST security experts. Includes network vulnerability management for the underlying host(s) (if applicable).
Host/Server or Professional, plus quarterly (4) penetration tests or Business Logic Assessments (BLAs) performed by Edgescan’s FTE team of certified OSCP/CREST security experts.
Any level of service can be upgraded to an Advanced license, or a second penetration test or Business Logic Assessment (BLA) performed by Edgescan’s FTE team of certified OSCP/CREST security experts can also be added to an existing Advanced license to add additional penetration tests.
A bespoke virtual appliance that allows for access to internal infrastructure, acting as one endpoint of a Virtual Private Network (VPN). Edgescan deploys a dedicated corresponding endpoint (called Cloud Control) within a private Virtual Private Cloud (VPC in your cloud provider) to provide a strongly encrypted end-to-end tunnel between the applicance and the Edgescan Platform.
Approved Scanning Vendor service to satisfy PCI-DSS compliance needs pertaining to vulnerability scanning, penetration testing, and reporting.
Combination of a single native device/forensic analysis test of a mobile application performed by Edgescan’s FTE team of certified OSCP/CREST security experts. Additionally, an Advanced license is applied to the underlying iOS or Android API.
If access to 24/7 emergency escalations or premium support is required outside of traditional business hours, Edgescan can accommodate.
Dedicated account concierge who assists in achieving operational readiness across the enterprise. Edgescan is easy to set up and maintain out of the box; however, a Technical Account Manager is often recommended for teams that need to improve their security posture quickly, are going through a digital transformation effort, are short-staffed, or have particularly complex environments.
| All OWASP Top 10 (2013, 2017) vulnerabilities |
| Application framework – known vulnerabilities (spring / struts / zend/ django/ .net, etc.) |
| Autocomplete attribute |
| Buffer overflow |
| Content spoofing / HTML hacking |
| Cookie access control |
| Cross site scripting (XSS) –reflected / stored |
| Data / information leakage |
| Directory indexing |
| DOM XSS |
| File path traversal |
| HTTP caching control |
| HTTP header injection |
| HTTP only session cookie |
| HTTP response smuggling |
| HTTP response splitting / pollution |
| Improper input handling |
| Improper output encoding / content type encoding |
| Improper file system access control |
| Insufficient SSL / TLS / transport layer protection |
| Integer overflows |
| LDAP injection |
| OS command injection |
| Persistent session cookie |
| Remote file inclusion (RFI) |
| SANS Top 25 Software Errors |
| Server-side injection |
| SQL injection: error based, time based, Boolean conditional, MySQL, MSSQL, Oracle, etc. |
| Unsecured session cookie |
| URL redirect security |
| XML attribute security, XML external entities |
| XML injection and schema security |
| XPath injection |