Web Application Security

Continuous Assessment keeping pace with development and constant change…

 

Today, enterprise organisations deploy a wide range of systems, servers, cloud and web applications, accessible from any location. Visibility of the security posture of such systems is vitally important. A lack of management, and not understanding what to manage (no visibility) from a vulnerability standpoint, results in assets which are an easy target for hackers and may result in a data breach.

Visibility is key to maintaining a secure posture. edgescan provides that visibility in many ways from Metrics to Asset Profiling to Continuous Vulnerability Detection and Intelligence.

 

  • As new features/code or systems are deployed edgescan will help ensure you have no cyber security vulnerabilities.
  • As new vulnerabilities are discovered in the industry, edgescan will inform you if you are vulnerable.
  • As new systems are deployed, edgescan can automatically inform you of any new services discovered and also scan the system for web and infrastructure vulnerabilities.
  • The edgescan delivery model also ensures all vulnerabilities discovered are validated by experts and expert support is also included to help you maintain a secure posture.

 

Fullstack Coverage, Visibility and Support…

 

edgescan provides complete Full Stack Vulnerability management (web application & hosting infrastructure) security at a scale and accuracy unmatched in the industry. No matter how many systems or web applications or how often they change, we can assess an unlimited number of sites without accuracy suffering.

Our operations staff are also professional consultants who validate and manage the vulnerability detection service and also deliver professional services engagements to our clients.

 

“We’re your virtual vulnerability management team”

 

DevSecOps

 

Integrate into the DevSecOps Pipeline

DevSecOps is a collaborative view of security across everyone! The purpose and intent of DevSecOps is to build on the ethos that “everyone is responsible for security”, with the goal of making decisions related to security at speed and scale without sacrificing the safety, accuracy and security required. That sounds like the edgescan mantra.

edgescan, via its risk API, can integrate into a DevSecOps pipeline easily. Providing automatic scan invocation and consumption of the resulting data via the API makes edgescan well suited to a CI/CD environment.

 

 

Coverage and Messaging…

Full stack security intelligence should be in plain language and universally understandable. edgescan helps combine multiple views of the same problem (from Security to Development and Operations) to create a true DevSecOps team.

 

Ongoing support and assistance

From our support delivered by security experts to our layers of reporting detail, edgescan can help different teams with different views of the same problem understand the same issue in their own way.

Network Security

 

Network & Cloud infrastructure

edgescan delivers full stack vulnerability management, from “top to tail”. This means deep security assessment of web applications, supporting app servers, components and associated hosting environments.

With a growing capability to test for over 90,000 CVEs, edgescan covers supporting systems in both cloud and data center environments. All issues discovered are validated by security experts.

 

Visibility

Protocol, Port, DNS, Status – We’ve got you covered. All edgescan licenses include Continuous Asset Profiling, which helps you discover and manage the exposed services and ports of thousands of systems on a continuous basis. Coupled with the edgescan events alerting functionality, this provides unparalleled visibility.

 

Accuracy

We detect, asset profile and validate all vulnerabilities on the network layer. edgescan detects over 90,000 CVEs (and counting), open ports, misconfigurations, protocol weaknesses, firewall and ACL issues, cryptography issues, patching weaknesses and all the non-web application security concerns associated with an entire system.

 

Internet Facing or Internal systems

Both internal and public facing network assets can be assessed using edgescan and, if required, a (virtual or hardware) on-premise appliance can be deployed to assist with internal assessments.

Compliance/Regulation

 

Cyber Security Compliance
edgescan’s award-winning SaaS exceeds the strictest industry standards for application & network security by providing continuous, verified vulnerability intelligence for both internal and public websites and networks, cloud deployments and APIs.
edgescan’s full stack security solutions enable clients in various industries to achieve regulatory compliance. edgescan is a certified PCI ASV which is a standard set by the five major payment brands and industry stakeholders to protect user data from exposure.
Organizations that suffer a breach and have not taken steps to ensure compliance can be penalized, and in some cases, may even be prohibited from working with specific payment brands.

We also work with larger enterprises and assist in research such as GDPR and PSD2.

 

Vulnerability Intelligence Integration

 

Security Orchestration

One challenge of successful vulnerability management is to orchestrate discovered vulnerabilities so that they are mitigated, tracked and measured, letting us see improvement and measure security posture.

edgescan provides a very powerful, simple API which can integrate with virtually anything:

 

Out-of-the-box integration

Out-of-the-box, edgescan integrates with Web Application Firewalls (WAF) such as ModSecurity, F5 and Citrix NetScaler. edgescan also integrates with Governance, Risk and Compliance (GRC) platforms and bug tracking systems such as Jira, ServiceNow, RSAM, etc.

 

Alerting and situational awareness

edgescan provides highly customized “event” capabilities and alerting via WebHooks, Slack, email and SMS. The ability to be alerted when required is of paramount importance.