Application Vulnerability Management (VM) with WISE™ Scan

Go beyond VAPT. Fix, Don't just find!

What is Application VM?

For the hundreds of applications running inside your organisation, finding the critical vulnerabilities gets only half the job done. We call it WISE™ Vulnerability Management because we go the extra mile and take it upon ourselves to help you manage the findings and get them patched, or at least addressed within a defined timeline. Our assurance is not only to provide you with the most comprehensive assessment report through our semi-automated methodology, but also to help you address the gaps identified in the report.

Scope of Scan

Thick Clients/ APIs/ Web Services

We carry out security assessments of cross-platform thick client applications, SOAP-based or RESTful web services, and APIs.

Web Apps

We scan web applications developed in technologies ranging from conventional PHP, J2EE and .NET to applications built on specific frameworks like Spring, Struts2, CodeIgniter, Nette, Symfony2, Laravel and Zend, among others.

Mobile Apps

We scan mobile applications across four operating systems: iOS, Android, Windows and BlackBerry.

Types of WISE™ Scan

Black Box (DAST)

We assess the security posture of the existing application from a pre-login point of view, examining how an attacker could penetrate the application without using any credentials.

Grey Box (DAST)

We log into the application with credentials provided by the client to perform an in-depth analysis of pre- and post-login functions and screens across the various user roles within the application.

White Box (SAST)

We analyse the source code manually and with automated tools to identify security vulnerabilities. We carry out secure code review for applications written in Java, ASP.NET, Python, Ruby, ColdFusion, PHP, C/C++, etc., using frameworks like Spring, Rails, Django, Struts, GAE, .NET MVC, etc.

Execution Methodology

1. Scoping & Application Classification
2. Scan Scheduling
3. Actual Scan
4. Reports & Analytics
5. Patching & Certification

Features

Powerful and Accurate Automated Crawling

Automated crawling of AJAX-heavy applications that use complex technologies such as CRUD, JSON, SOAP/WSDL, SOAP/WCF, XML, GWT and WADL operations.

AI Powered Cloud Based Scan

A powerful scan divided into three layers: Broad Sweep Scan, Lucid Lense Scan and WISE™ Manual Scan. Together they produce the most comprehensive control list for vulnerability assessment.

Extremely Scalable with Multi Threading

Perform multiple scans with the power of multithreading, without losing out on time or precision. You can test hundreds of applications in parallel without interruption.

Zero False Positive Guarantee

Our post-scan filter allows us to reduce the false positive rate to zero, so that the final report generated is both actionable and accurate.

Checksum Backdate Recording

While performing our scans, our tool records the state of the code of each page it scans. This record serves as a reference for future certification and lets us identify the changes in code that have occurred since the last scan.

Business Logic Flow Testing

The sequence of operations in the business logic is checked, and any critical flaws are mapped to identify the vulnerabilities.

Impact on Production/UAT Environments

WISE™ Scan is safe to run on production, QA or UAT environments without hampering their normal functionality and without significantly adding to the incoming request traffic on the application.

Generation of Compliance Reports

When the WISE™ Scan is run on an application and all its components, the tool can report the application's percentage compliance with globally accepted standards such as PCI DSS 3.1, ISO 27001 and NIST SP 800-53, among others.

High Level Control List

  • Authentication
  • Access Control
  • Session Management
  • Error Handling
  • User Input Handling
  • Cryptography
  • Logging
  • HTTP Security
  • Data Protection

Reports and Analysis

We produce two reports for every scan we perform.

  • Technical Report - Contains details of every identified vulnerability, its potential technical impact, exhibits and actionable recommendations. This detailed report helps a solutions manager patch the gaps identified.
  • Manager's Report - Contains high-level details of the identified vulnerabilities, the operational impact of each vulnerability and the potential financial impact, along with the criticality of each identified gap. It also suggests a prioritisation for the patch work.

It’s Easy to Locate Us

Although we serve companies from across the globe, we are headquartered in India.

  • ADDRESS

    Lucideus House,Plot no. 15,
    Okhla Phase III, New Delhi - 110020

  • PHONE

    +91 11 2632-2632 /33

    +91 11 4053-4055

  • EMAIL

    info@lucideustech.com