See a 10-minute overview of the platform.

Watch VIDEO
Go to my account
Search
Search

Licenses for Edgescan Solutions

The Edgescan Platform provides unprecedented full-stack assessment and coverage utilizing a suite of solutions

External Attack Surface Management (EASM), Risk-based Vulnerability Management (RBVM), Application Security Testing (AST), API Security Testing, and Penetration Testing as a Service (PTaaS). We also provide mobile application security testing. 

Icons
All core licenses include:​
  • 100% vulnerability validation – no false positives
  • Unlimited automated assessments
    (network scans and DAST (Application and/or API))
  • Unlimited retesting of vulnerabilities
  • Expert remediation guidance
  • Premium support from FTE security (OSCP/CREST) experts
  • Prebuilt and custom RESTful API Integrations
  • Unlimited role-based user accounts
  • Unlimited, on-demand, customized reporting CISA KEV and EPSS correlation of applicable vulnerabilities

Types of Assets Discovered and Protected by the Edgescan Platform

laptop connected to the internet icon for the pen testing service page
Application examples:

Web applications (authenticated and unauthenticated), API’s (JSON, XML, WSDL, YAML and Graph), microservice architecture, single page applications, mobile applications.

Network
Network asset examples:

Servers, routers, switches, firewalls, domain controllers, data center, desktops (any layer 2 and layer 3 devices), printers, cloud assets, container hostnames, IOT and anything that has an IP address which is visible to Edgescan. Single IP’s, hostnames, blocks, CIDR and IPV6 are all supported. 

Edgescan Licenses

Core Value: Discovery of all internet-facing assets associated to a domain, and continuous monitoring of defined external IP range(s)
Edgescan Solutions: External Attack Surface Management, API Security Testing
Security Coverage: Domains and external IP ranges. 

Internet discovery for a primary domain including, but not limited to, subdomains, internet records, registrants, and services. Continuously assesses and alerts users about network changes and APIs discovered in their defined external attack surface. 

Core Value: Provides continuous vulnerability scanning across your network and peripherals
Edgescan Solutions: Risk-based Vulnerability Management
Security Coverage: Networks and infrastructure 

Includes network vulnerability scanning of network assets (i.e., servers, network devices (i.e., routers, switches, firewalls, etc.), peripherals (such as IP-based printers or fax machines), and workstations), with a 100% validated result. 

Core Value: Dynamic Application Security Testing providing an accurate snapshot of your overall security posture using a hybrid approach of proprietary scanning technology, automation, and human expertise. 
Edgescan Solutions: Application Security Testing
Security Coverage:  Web applications, network, APIs, cloud

• Includes network vulnerability scanning for the underlying host(s).
Unauthenticated application and network layer automated test with 100% validated results
Unlimited automated testing; User accounts and reporting 

Core Value: Provides accurate assessments of your authentication enabled applications across your entire IT enterprise utilizing dynamic application security testing.
Edgescan Solutions: Risk-based Vulnerability Management, API Security Testing, Application Security Testing
Security Coverage: Web applications, network, APIs, cloud

• Provides the same level of service as outline above and in the Essentials License
Authenticated Application and network layer testing automated test with 100% validated results.
Integrations: ServiceNow, MS Teams, Slack integrations, custom events and notifications, etc. 

 

Core Value: Provides accurate business logic assessments of your most complex applications while prioritizing vulnerabilities and providing remediation guidance across the enterprise.
Solutions: The entire suite of Edgescan solutions is used by certified security experts.
Security Coverage: Web applications, network, APIs, cloud, networks and infrastructure

• Provides the same level of service as outline above and in the Professional License 
• Authenticated application Pen testing as a Service (PTaaS), network layer testing, and risk-based vulnerability management
• Human analysis provides a deeper level of testing to a Host/Server or Professional License by including a penetration test or business logic assessment (BLA). Testing is performed by full-time Edgescan employees who are a team of certified OSCP/CREST security experts. Includes network vulnerability management for the underlying host(s) (if applicable). 

Additional Services & Add-Ons

Host/Server or Professional, plus quarterly (4) penetration tests or Business Logic Assessments (BLAs) performed by Edgescan’s FTE team of certified OSCP/CREST security experts. 

Any level of service can be upgraded to an Advanced license, or a second penetration test or Business Logic Assessment (BLA) performed by Edgescan’s FTE team of certified OSCP/CREST security experts can also be added to an existing Advanced license to add additional penetration tests. 

A bespoke virtual appliance that allows for access to internal infrastructure, acting as one endpoint of a Virtual Private Network (VPN)Edgescan deploys a dedicated corresponding endpoint (called Cloud Control) within a private Virtual Private Cloud (VPC in your cloud provider) to provide a strongly encrypted end-to-end tunnel between the applicance and the Edgescan Platform. 

Approved Scanning Vendor service to satisfy PCI-DSS compliance needs pertaining to vulnerability scanning, penetration testing, and reporting. 

Combination of a single native device/forensic analysis test of a mobile application performed by Edgescan’s FTE team of certified OSCP/CREST security expertsAdditionally, an Advanced license is applied to the underlying iOS or Android API. 

If access to 24/7 emergency escalations or premium support is required outside of traditional business hours, Edgescan can accommodate.

Dedicated account concierge who assists in achieving operational readiness across the enterprise. Edgescan is easy to set up and maintain out of the box; however, a Technical Account Manager is often recommended for teams that need to improve their security posture quickly, are going through a digital transformation effort, are short-staffed, or have particularly complex environments.

Integrations

All tiers of Edgescan come with our full suite of integrations, click here to review the list

Click Here

Contextualized
Risk Scoring

The Edgescan Platform contextualizes risk with validated vulnerability intelligence and a propriety risk score that incorporates EVSS (Edgescan Validated Security Score), EPSS (Exploit Prediction Scoring System), CISA KEV (CISA Known Exploited Vulnerability Catalog), CVSS (Common Vulnerability Scoring System) and customer dependent factors such as industry, department, etc.

Certified Security Professionals

Edgescan Security Experts (OSCP/CREST) are FTEs able to provide consultancy-grade penetration tests and Business Logic Assessments (BLAs) (PTaaS) to critical assets.

Vulnerabilities discovered by Edgescan

  • All OWASP Top 10 (2013, 2017) vulnerabilities
  • Application framework – known vulnerabilities (spring / struts / zend/ django/ .net, etc.)
  • Autocomplete attribute
  • Buffer overflow
  • Content spoofing / HTML hacking
  • Cookie access control
  • Cross site scripting (XSS) –reflected / stored
  • Data / information leakage
  • Directory indexing
  • DOM XSS
  • File path traversal
  • HTTP caching control
  • HTTP header injection
  • HTTP only session cookie
  • HTTP response smuggling
  • HTTP response splitting / pollution
  • Improper input handling
  • Improper output encoding / content type encoding
  • Improper file system access control
  • Insufficient SSL / TLS / transport layer protection
  • Integer overflows
  • LDAP injection
  • OS command injection
  • Persistent session cookie
  • Remote file inclusion (RFI)
  • SANS Top 25 Software Errors
  • Server-side injection
  • SQL injection: error based, time based, Boolean conditional, MySQL, MSSQL, Oracle, etc.
  • Unsecured session cookie
  • URL redirect security
  • XML attribute security, XML external entities
  • XML injection and schema security
  • XPath injection