Overview

Unsafe applications are for hackers an attractive attack surface and convenient entry point into your IT environment. When breached, massive amounts of confidential business data can be exposed via such vulnerable applications.

Viasky’s IAST solution is a cloud-based service that provides automated testing of custom applications, to identify vulnerabilities.

The automated service enables compliance based testing (Core scan) which follows consistent compliance scan tests, however, our tool’s real innovation is in its Exploratory scan; Using a proprietary Machine Learning algorithm, our tool can detect and understand complex software architectures and APIs, leveraging that knowledge to find security issues both in the logical-flow of the software and in single-point failures, such as in the API itself.

Today is critical to protecting both your apps and your organization!

Key features

AI POWERED

Using state of the art Evolutionary strategies combined with Reinforcement learning, Viasky’s Tool can understand your application parameters and structure. Armed with this knowledge our tool creates new malicious scenarios based on everything it learned, ever.

SIMPLICITY & EFFICIENCY

Viasky’s tool is a cloud based solution, it doesn’t require time consuming or complicated integration. Moreover, our tool also eliminates any complex, lengthy configuration, just log in to our system, record a user session and scan. When done, our tool will generate a detailed, easy to use report with remediation guidance

FALSE-POSITIVE FREE

Viasky’s Tool is a False Positive FREE solution. Using our tool eliminates the need to recheck and filter every scan report, every finding is a REAL vulnerability. This is possible because our tool only reports exploitable vulnerabilities that it was able to validate.

INTERACTIVE APPLICATION SECURITY TESTING

Viasky’s Tool is a pure Interactive Application Security Testing solution. Combining the best practices of Dynamic AST with code instrumentation, it provides the developer with a powerful solution to speed-up vulnerability remediation. Our Tool is equipped with seamless integration into SDLC (CI/CD) workflows enabling fast IAST security testing at the speed of DevOps.

Additional features
  • Our tool is very easy to use, just Login, Upload a user session recording (HAR), and Start a scan (choosing simple options such as protocol, Length, scan type, etc.)
  • Viasky’s tool can scan targets using an agent, the agent provides additional in-depth input on the system during the scan and can produce more findings (IAST)
  • Test API interfaces using a REST API scanning capabilities
  • Our tool can scan the protocol implementation separately, supporting HTTP/S, Websocket, FIX & BLE protocols
  • After a scan is completed, a summary report is generated, results are prioritized and a suggested remediation is added for every vulnerability found.
  • Detect a plethora of vulnerabilities, from common ones such as OWASP top 10 to complex unknown issues such as logical flow & 0day vulnerabilities
  • See all the results in one place, anytime, anywhere, Viasky’s tool is accessible directly in the browser, no plugins are required.
  • Test IoT services and mobile apps using BLE protocol component
  • Viasky’s tool can be used as a SDLC component supporting all the common DevOps tools and services.
  • Each Session consists of a 24 hour window for scans, a user can set scans’ exact time frame to use each session flexibly and conduct multiple scans.

Deployment & Usage

Install the agent on your test environment, record a session of how you would normally work with your product and upload it. Initiate a new scan from our dashboard, selecting the recorded session and agent. Receive continuous reports of security vulnerability findings in your product, along with simple explanations of the discovered vulnerabilities and remedy suggestions.

To enjoy the benefits of code instrumentation, all that is required is a simple installation of a local agent to your local test environment. Running the agent with your process is done with a single console command. Multiple Agents can be connected to a single scan, to provide a “big-picture” of the target system.

Scan result analysis are available in real-time via the dashboard or as a downloadable report, providing you with all the data you need to fix your weaknesses and improve your cyber security posture.

A single scan can replace dozens of hours of security experts and get high quality results in a fraction of the time, and cost.

There are no guesses with our tool, it performs real attacks finding real vulnerabilities.

Compliance

Viasky’s tool can detect all relevant and high threat issues defined by the OWASP organization. After running a scan with the Core module, you can rest assured that the OWASP top 10 and much more has been covered in the scope of the recorded session. Our tool is compliance oriented and supporting Application Security Testing for ISO27001, PCI DSS, HIPAA, NIST 800 Series and other relevant standards and regulations.