
At Blueinfy, we translate our knowledge and technologies into automated tools. We have technologies that address Web Services security scanning, application footprinting, Web 2.0 scanning, code scanning, web/application fingerprinting etc. We are releasing them as free tools.
As an industry leader in the application security space, we are invited to speak at conferences worldwide, such as RSA, HackInTheBox, AusCERT, ISACA, OSCON, Syscan, InfoSecWorld, Bellua etc. Check out where you can find our team next.
SecurityExposure - On Demand Services
On Demand Application Vulnerability Scan (ODAVS) ***New*** - Corporates can use this scan to identify application-layer vulnerabilities. The scan focuses on the web application layer running on HTTP (80) or HTTPS (443) and tries to identify critical vulnerabilities such as SQL injection, Cross Site Scripting, directory browsing etc. Our team, working with automated tools, generates a consolidated report along with mitigation planning for each of these applications. This scan gives the corporate a complete picture of its application security posture. We serve several industry verticals, such as banking, financial houses, portals, Web 2.0 vendors etc.
[Scan detail] Details about the On Demand Scan
[Scan report] View a sample scan report
On Demand Infrastructure Vulnerability Scan (ODIVS) – The corporate gets an account and can set up a scan at any time; our system then completes the basic scan. Our project manager assigns security engineers to review the report and consolidate the findings. This is a more interactive process that relies on human judgment: a combination of automated and human-interactive scanning. It helps reduce false positives and identify effective vulnerabilities on the basis of our threat model.
iAppSecure - Application Security Firewall
The Web Application Firewall is emerging as the first line of defense for customized web applications that serve critical business objectives. Web applications can be vulnerable to several attack vectors, such as SQL injection, Cross Site Scripting, Cross Site Request Forgery, information disclosure etc. If attackers succeed in executing these attack vectors, they can compromise the security of the application layer along with the user's identity. Two important solutions are available to protect an application against these attack vectors: harden the code to mitigate the risk, or identify attack vectors at the gate before they hit the application code itself. A Web Application Firewall can identify the attack vectors and filter them before they reach the application code. iAppSecure helps protect application-layer assets against various types of threats and attacks without recoding a single line.
Technical information:
iAppSecure is a comprehensive solution for the IIS web server, whatever web applications it runs: ASP, ASP.NET, PHP, Java, ColdFusion etc. iAppSecure is an IHttpModule and can be hooked into the HTTP processing pipeline of the IIS web server. It checks each incoming request and outgoing response against a set of important security rules.
Selecting your product for a total solution:
We thoroughly assess our client's web application, build the right set of rules for iAppSecure and deliver them with the product, which makes a complete and valuable solution for the client. You can choose the complete solution or individual modules of iAppSecure depending on your needs. Here is a list of available modules.
iAppSecure (Access) – In this module one can apply rules to control access and authorization. One can provide an IP-based access list, URL-based resource access, and session-based user access and authorization.
iAppSecure (Firewall) – In this module one can write rules for HTTP request and response filtering in great detail. It is possible to provide input validation, malicious traffic filtering, variable-level filtering controls etc. This gives protection against all popular attack vectors and builds a solid defense for the application layer.
iAppSecure (Logging and IDS) – This module provides in-depth logging for all incoming requests and records all intrusions at the application layer.
iAppSecure (XML) – This module provides XML filtering capabilities for application security. It is also possible to filter other structures, such as JSON, XML-RPC, SOAP and REST-based HTTP requests.
Please contact us at contact@blueinfy.com for your preferred solution and we can work it out on the basis of your need.
AppCodeScan - Application Code Scanner
This product is designed to help with whitebox testing. During whitebox testing one needs to scan the complete application code for vulnerabilities such as XSS, SQL injection, poor validation etc. This tool makes it possible to discover these vulnerable points, and one can then walk across the code base to trace each vulnerability. The tool works in the following two areas:
Code Scanning - One needs to feed in the target code folder, the rule patterns as regexes (a sample is provided for ASP) and the list of file extensions to scan. The tool takes this information, runs against the target folder to a depth of three (3) and scans each line for a matching pattern. If a pattern is found, the tool reports that line.
Code Walker - This little utility helps in walking across the code base to find a variable or function. It helps trace variables along their entire path through a large code base, and so helps rule out false positives among the identified patterns.
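The scan-then-trace workflow described in these two items, sketched as an added example (this is not Blueinfy's code or AppCodeScan's actual rule set): the regex patterns, function names and sample ASP tree are constructed for illustration, and files directly in the target folder are assumed to be at depth 1.

```python
import re
import tempfile
from pathlib import Path

# Hypothetical rule patterns for classic ASP, written for this example only.
RULES = {
    "sql-concat": re.compile(r'(?i)\b(select|insert|update|delete)\b.*"\s*&\s*\w+'),
    "unencoded-output": re.compile(r"(?i)Response\.Write\s*\(?\s*Request"),
}

def scan(root, rules, extensions, max_depth=3):
    """Report (path, line number, rule, text) for every line matching a rule."""
    findings = []
    for path in Path(root).rglob("*"):
        rel = path.relative_to(root)
        in_scope = path.is_file() and path.suffix.lower() in extensions
        # Assumption: files directly in the target folder are at depth 1.
        if not in_scope or len(rel.parts) > max_depth:
            continue
        with path.open(encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, 1):
                for rule, pattern in rules.items():
                    if pattern.search(line):
                        findings.append((rel.as_posix(), lineno, rule, line.strip()))
    return sorted(findings)

def walk_identifier(root, name, extensions, max_depth=3):
    """Code-walker step: every line referencing one identifier (VBScript ignores case)."""
    word = re.compile(rf"(?i)\b{re.escape(name)}\b")
    return scan(root, {name: word}, extensions, max_depth)

def build_sample():
    """Write a constructed ASP tree to a temp directory and return its path."""
    root = Path(tempfile.mkdtemp())
    files = {
        "login.asp": '<%\nuser = Request.QueryString("user")\n'
                     'sql = "SELECT * FROM users WHERE name=\'" & user & "\'"\n'
                     'Response.Write(Request.QueryString("msg"))\n%>\n',
        "inc/db.asp": "<% Set rs = conn.Execute(sql) %>\n",
        "a/b/ok.asp": '<% Response.Write Request("y") %>\n',
        "a/b/c/deep.asp": '<% Response.Write Request("z") %>\n',  # below depth 3
        "notes.txt": 'Response.Write(Request("x"))\n',            # extension not listed
    }
    for rel, text in files.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(text, encoding="utf-8")
    return root

if __name__ == "__main__":
    print(*scan(build_sample(), RULES, {".asp"}), sep="\n")
```

Tracing `sql` with `walk_identifier` shows the concatenated query string reaching `conn.Execute` in a second file, which is the kind of follow-up that confirms or dismisses a pattern hit.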
This tool runs on the .NET Framework and is still in an initial beta state. We are working on it and more features will be added. We provide full support along with the product to make code scanning effective.
Please contact us at contact@blueinfy.com for more information.





