For further information please contact:
sales@buguroo.com
Current Issues

Threats: 'Creating an extension that enables unauthorized access to Facebook and Twitter accounts' (Source: www.elmundo.es)

Fines: 'Record fine of € 2.8M to the British subsidiary of the insurer Zurich for having lost data from tens of thousands of customers' (Source: AFP)

Vulnerability: 'How the Stuxnet attack was directed against Iran's nuclear facilities' (Source: www.elpais.com)
Risks of unsafe programming

Threats: '95% of attacks are directed against the application'

Fines: 'The result of an attack or data loss involves serious legal consequences for the company'

Vulnerability: 'Over 90% of Internet vulnerabilities are in the code'
Statistics: Vulnerabilities in Internet applications (1 of 2)

[Bar chart: % Vulnerabilities located for each type of test. Series: % Sites (All), % Sites (Scans), % Sites (Blackbox), % Sites (WhiteBox); each bar broken down by severity: Urgent, Critical, High, Medium, Low. Y axis: 0 to 100%.]

Source: WASC (Web Application Security Consortium)
Statistics: Vulnerabilities in Internet applications (2 of 2)

[Pie chart: % Most common vulnerabilities. Categories: XSS, Information Leakage, SQLi, Insufficient Transport Layer Protection, Fingerprinting.]

[Pie chart: % Sectors affected by attacks. Categories: Finance, Education, Social/Web Media, Retail, Technology, Internet, Government, Entertainment.]

Source: WASC (Web Application Security Consortium)
Limitations on current solutions

Manual audit limitations
•   Cost. Although this is one of the most effective solutions, the volume of source code is often so large that manual audits are dropped on cost grounds
•   Turnaround time. Reports from a manual code audit take so long to deliver that decisions are often made before the results arrive
•   Depend on development being complete

Black box audit limitations
•   Do not audit the whole application
•   Are less accurate
•   May degrade the service under test

Common limitations of both audits
•   They do not address future vulnerabilities: new security holes are found every day
•   They do not cover later software updates, so the audited work quickly becomes obsolete
Our Solution:

•   buguroo has designed and implemented bugScout, the most powerful managed service on the market for analysis of vulnerabilities in source code:

      bugScout automatically detects over 94% of vulnerabilities in the code. It is the most powerful solution on the market: its competitors detect only 60% of existing vulnerabilities

      Operates in a decentralized manner in the cloud, allowing unlimited scalability

      bugScout enables its partners, through the solution's appliances, to build and manage their own clouds

      bugScout is designed to audit multiple code bases simultaneously without performance penalty
Advantages (1 of 2)

 bugScout reduces the cost of a manual audit by more than 90%

 bugScout is integrated into the software development cycle, speeding up business processes

 bugScout reduces the time spent waiting for results by more than 99%
Advantages (2 of 2)

•   bugScout allows errors to be corrected in real time, encouraging learning within the development team

•   bugScout can audit the entire application in full

•   bugScout audits are more accurate: its technology can effectively track the whole code

•   Avoids uncontrolled errors: Denial of Service attacks, unintended spam…

•   bugScout updates its public and private signatures in real time, thanks to the recurrent nature of its technology

•   bugScout integrates easily with the software development cycle

•   bugScout connects directly to the development repository, so it can audit the software from minute one without interrupting the production process
- Technology and features

•   bugScout consists of a Web console offering multiple functions for operating easily on the code, without heavy agents or prior installation of software on the client side

•   It also includes:
         A detection system for public and private vulnerabilities, updated daily

         A multi-audit platform capable of analyzing several code bases simultaneously without interfering with performance

         A multi-user access platform with granular permissions
The environment   - Portal access
The environment                                       - Modular, extensible and scalable

[Architecture diagram. Framework 1 … Framework N, each exposing Tasks, Licenses and Query, sit on top of a distributed communications bus (backend). Below the bus are Core 1 … N and the Engine. The Core receives Tasks and Licenses and returns Results; the Engine comprises a Scheduler, Decompression and Decoded stages, and Motor 1 … Motor N, each applying vulnerability families Fam. 1 … Fam. N with patterns P1 … PN and conditions Cond. 1 … Cond. N.]
The environment                          - Modular, extensible and scalable

         1. Framework. User interface giving access to 6 modules

         2. Core. Source code analyzer

         3. BackEnd. Secure storage of source code, reports, vulnerability databases and solutions
Framework - Modules (1 of 5)

    1. Dashboard

•    User-configurable start page from which to review, at a glance, the security of the company's applications

•    The work area is editable: charts can be added, modified and/or deleted, and rearranged or resized with drag & drop

•    The charts are also interactive, so hovering the pointer over them shows the values they represent

•    To make this possible, the design relies on the latest Web 2.0 techniques, without sacrificing security or performance
Framework - Modules: Dashboard (2 of 5)
Framework - Modules (3 of 5)

    2. Projects

•    From this module, projects and applications can be classified for later analysis. Also from this section, manual audits can be requested, code can be re-audited to check on progress, and an auditor can be asked to perform a penetration test or to produce a report to check vulnerabilities

    3. Document management

•    A simple document management system for consulting automatically or manually generated reports and help documentation on the tool, generating asymmetric encryption keys, and performing secure uploads of source code to audit
Framework - Modules (4 of 5)

    4. Vulnerabilities

•    Module for working with audit results: verifying the proposed solutions, references, explanations of the vulnerabilities, etc.

    5. Reports

•    Module for generating technical and executive reports at different levels

    6. Administration

•    Module for managing users, groups and roles
•    Menu creation and the hierarchical structure of companies (customers, suppliers)
•    The look & feel of the interface can be configured to the standards and corporate logos of each company, and reports tailored to each company can be generated
Framework - Modules: Projects (5 of 5)
Core (1 of 4)

    2. Core

•    bugScout Core is a vulnerability pattern recognition system for the analyzed software. The whole process analyses the reliability of the code in order to detect patterns that would allow an attacker to access unauthorized data

•    Main functions:
      1.   Detection of language processing

      2.   Lexical analysis

      3.   Parsing

      4.   Generation of the software application architecture model

      5.   Data flow analysis

      6.   Vulnerable pattern detection

      7.   Discrimination of false positives

      8.   Communication of potential vulnerabilities found
Core (2 of 4) – Main features

[Flow diagram of the eight Core stages: Detection of language processing → Lexical analysis → Parsing → Generation of the software application architecture model → Data flow analysis → Vulnerable pattern detection → Discrimination of false positives → Communication of potential vulnerabilities found]
Core – Main features (3 of 4)

     2. Core

1.    Detection of language processing: using different filters and patterns, bugScout Core determines which language each file contains and generates the basic structure needed to continue the process

2.    Lexical analysis: the essential first step in analyzing a language; bugScout Core integrates directly with the lexical analyzer of each language

3.    Parsing: bugScout Core uses the parser that each language itself defines, since it is the most accurate way to profile the sources. This sometimes requires certain amendments in order to build the application software architecture model

4.    Generation of the software application architecture model: an in-memory representation of the code to analyze, enriched with further computation so that operations on the tree that demand high computational effort complete in minimal time
Core – Main features (4 of 4)

     2. Core

5.    Data flow analysis: the comprehension of the source code itself, which is analyzed to determine whether the code contains vulnerability patterns

6.    Vulnerable pattern detection: for the search for vulnerabilities, bugScout Core relies on a plug-in architecture that eases future signature updates based on newly discovered vulnerable patterns. Through these plug-ins, based on regular expressions written expressly for each language, it can determine with a high degree of probability whether a vulnerability exists in the code

7.    Discrimination of false positives: performs the necessary backtracking and discards findings, depending on the conditions under which the pattern was found and the particular code it matches, confirming whether or not the pattern represents a real risk

8.    Communication of potential vulnerabilities found: in this step bugScout Core reports visually the existence of security flaws in the code
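The eight-stage pipeline described above, as an added example that is not bugScout's code: a minimal Python taint analysis built on the standard `ast` module. It parses a constructed sample (stages 2 to 4), follows data flow from an input source to a SQL sink (stages 5 and 6), and discards the match in which a sanitizer (`int()`) breaks the flow (stage 7), which is exactly the case a signature-only check gets wrong. The `SOURCES`, `SINKS` and `SANITIZERS` names, the `SAMPLE` code and the `regex_only` stand-in for a signature-only check are illustrative assumptions, not bugScout's plug-in vocabulary.

```python
"""Minimal source-to-sink taint analysis over a Python AST.

Added illustration, not bugScout code. It follows the pipeline described on
the slides: parse, model the program, follow data flow, match a vulnerable
pattern, then discard matches that pass through a sanitizer.
"""
import ast
import re
from dataclasses import dataclass

# Assumed vocabulary of a "vulnerable pattern" plug-in (illustrative names).
SOURCES = {"input", "request.args.get"}            # attacker-controlled data
SINKS = {"cursor.execute": "SQLi", "os.system": "OS command injection"}
SANITIZERS = {"int", "shlex.quote"}                # calls that neutralise taint

# Constructed sample under analysis. Only lookup_user is exploitable: in
# lookup_id the value reaches the sink only after passing through int(),
# so a check that merely spots the sink call would report a false positive.
SAMPLE = '''
def lookup_user(cursor):
    name = input("user: ")
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    cursor.execute(query)

def lookup_id(cursor):
    raw = input("id: ")
    uid = int(raw)
    cursor.execute("SELECT * FROM users WHERE id = " + str(uid))
'''


@dataclass
class Finding:
    function: str
    sink: str
    category: str
    line: int


def dotted_name(node):
    """Render a call target such as request.args.get as 'request.args.get'."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def is_tainted(node, tainted):
    """Data-flow step: does this expression carry attacker-controlled data?"""
    if isinstance(node, ast.Call):
        name = dotted_name(node.func)
        if name in SOURCES:
            return True
        if name in SANITIZERS:
            return False                           # taint stops here
        return any(is_tainted(a, tainted) for a in node.args)
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.BinOp):                # e.g. string concatenation
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    if isinstance(node, ast.JoinedStr):            # f-strings
        return any(is_tainted(v.value, tainted)
                   for v in node.values if isinstance(v, ast.FormattedValue))
    return False


def analyze_function(fn):
    """Intra-procedural, flow-sensitive taint pass over one function body."""
    tainted = set()
    findings = []
    for stmt in fn.body:
        if isinstance(stmt, ast.Assign):
            names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
            if is_tainted(stmt.value, tainted):
                tainted |= names
            else:
                tainted -= names                   # overwritten with clean data
        elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
            call = stmt.value
            target = dotted_name(call.func)
            if target in SINKS and any(is_tainted(a, tainted) for a in call.args):
                findings.append(Finding(fn.name, target, SINKS[target], call.lineno))
    return findings


def analyze(source):
    """Parse the source and run the taint pass over every function."""
    tree = ast.parse(source)
    return [f for node in ast.walk(tree)
            if isinstance(node, ast.FunctionDef)
            for f in analyze_function(node)]


def regex_only(source):
    """Signature-only check: line numbers of every sink call, tainted or not."""
    return [i for i, line in enumerate(source.splitlines(), 1)
            if re.search(r"cursor\.execute\(", line)]


if __name__ == "__main__":
    print("regex-only hits on lines:", regex_only(SAMPLE))
    for f in analyze(SAMPLE):
        print(f"{f.category} in {f.function}(): {f.sink} at line {f.line}")
```

Run stand-alone, the signature-only check reports both `cursor.execute` calls (lines 5 and 10), while the data-flow pass reports a single SQLi finding in `lookup_user` at line 5; the `int()` call in `lookup_id` is what the false-positive discrimination step relies on. The pass is deliberately intra-procedural and ignores branches, loops and calls into other functions, which is where a production engine's architecture model and backtracking do the real work.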
BackEnd (1 of 4)

    3. BackEnd

•    bugScout BackEnd stores in the cloud the data the tool works with. Our BackEnd model incorporates the latest technologies, providing maximum efficiency and compatibility of stored data within a secure environment, an essential feature of a maximum security environment

•    Advantages
         Improved development time

         Improved effectiveness

         Scalability

         Flexibility

         Availability

         Management

         Security
BackEnd (2 of 4)

[BackEnd diagram: data flow and control flow enter a Controller Unit and a Connector; data then passes through a database controller to 1…N database instances.]
BackEnd (3 of 4)

    3. BackEnd

•    The bugScout BackEnd architecture provides a flexible and conceptually simple design, which allows a fast and flexible environment to be developed

•    Integrating cloud storage technology gives our systems and networks the capacity to grow and scale with minimal manual handling

•    Security is an integral part of cloud computing. The architecture of a group of systems that works directly on highly sensitive information must protect that information accordingly. bugScout BackEnd goes a step further by integrating cloud storage with three key additional services:
         Resizing

         Disaster recovery

         Data and communications security
BackEnd (4 of 4)

    3. BackEnd

•    bugScout BackEnd offers a secure, flexible and scalable management system:

         FileNetSystem, a paradigm in which each of the cloud storage systems can be managed independently from a single console

         A management system that self-configures expansion modules: the driver modules themselves detect new infrastructure and adapt the current configuration, presenting the administrator with the options available and making it easier to scale the system

•    bugScout BackEnd provides the following benefits:
         Compliance with laws and regulations

         Hardware failover

         Long-term viability of IT resources

         Secured assets in physical environments

         Data isolation
Why bugScout is the best solution

•   bugScout has been designed by one of the best and most qualified teams, with projects worldwide

•   Does not require extensive security knowledge

•   bugScout achieves the best detection and false positive rates on the market

•   It is the first language-independent tool of its kind that rejects conversion to pseudo-code. This extends the detection rate, allowing it to locate errors and deprecated library functions, vulnerabilities, sensitive information in comments, etc.

•   bugScout automatically corrects the vulnerable parts of the code, proposing effective solutions to build secure applications

•   Lets you easily manage vulnerabilities, reporting, documentation storage, statistics, historical control…
www.buguroo.com




                         For further information please contact:
                                            sales@buguroo.com
                                           Tel.: (34) 917 816 160
                  Plaza Marqués de Salamanca, 3-4, 28006 Madrid

Leveraging Vulnerability Management Beyond DPR (Discovery - Prioritization - ...
 
20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results20101012 CIOnet Cyber Security Final Results
20101012 CIOnet Cyber Security Final Results
 
Ponemon survey cloud security webcast
Ponemon survey cloud security webcastPonemon survey cloud security webcast
Ponemon survey cloud security webcast
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessPixlogix Infotech
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Advantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your BusinessAdvantages of Hiring UIUX Design Service Providers for Your Business
Advantages of Hiring UIUX Design Service Providers for Your Business
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 

We present Bugscout

  • 1. For further information please contact: sales@buguroo.com
  • 2. Current Issues
    - Threats: ‘Creating an extension that enables unauthorized access to Facebook and Twitter accounts’ (Source: www.elmundo.es)
    - Vulnerability: ‘How the Stuxnet attack was directed against Iran’s nuclear facilities’ (Source: www.elpais.com)
    - Fines: ‘Record fine of € 2.8M to the British subsidiary of the insurer Zurich for having lost data from tens of thousands of customers’ (Source: AFP)
  • 3. Risks of unsafe programming
    - Threats: ‘95% of attempted attacks are against the application’
    - Vulnerability: ‘Over 90% of Internet vulnerabilities are in the code’
    - Fines: ‘The result of an attack or data loss involves serious legal consequences for the company’
  • 4. Statistics: Vulnerabilities in Internet applications (1 of 2)
    - [Chart] % of vulnerabilities located for each type of test: % sites (all), % sites (scans), % sites (black box), % sites (white box); severity legend: Urgent, Critical, High, Medium, Low. Source: WASC (Web Application Security Consortium)
  • 5. Statistics: Vulnerabilities in Internet applications (2 of 2)
    - [Chart] % most common vulnerabilities: XSS, Information Leakage, SQLi, Insufficient Transport Layer Protection, Fingerprinting
    - [Chart] % sectors affected by attacks: Finance, Education, Information, Social/Web Media, Retail, Technology, Internet, Government, Entertainment
    - Source: WASC (Web Application Security Consortium); the individual percentage labels are not recoverable from the exported slide text
  • 6. Limitations on current solutions
    - Black box audit limitations:
      - Do not audit the whole application
      - Are less accurate
      - May cause service degradation
    - Manual audit limitations:
      - Costs. Despite being one of the most effective solutions, the volume of source code in this type of audit is so vast that audits are often scrapped on cost grounds
      - Timeouts. Delivering the report of a manual code audit requires such long wait times that decisions are often made before the results arrive
    - Common limitations to both audits:
      - Depend on development completion
      - Do not address future vulnerabilities; new security holes are found every day
      - Do not include software updates, causing rapid obsolescence of the audited work
  • 7. Our Solution
    - buguroo has designed and implemented bugScout, the most powerful managed service on the market for the analysis of vulnerabilities in source code:
      - bugScout automatically detects over 94% of vulnerabilities in the code. It is the most powerful solution on the market: its competition detects only 60% of existing vulnerabilities
      - Operates in a decentralized manner in the cloud, allowing unlimited scalability
      - bugScout enables its partners, through the solution’s appliances, to build and manage their own clouds
      - bugScout is designed to audit multiple code bases simultaneously without performance penalty
  • 8. Advantages (1 of 2)
    - bugScout reduces the cost of a manual audit by more than 90%
    - bugScout is integrated into the software development cycle, speeding up business processes
    - bugScout reduces the waiting time for results by more than 99%
  • 9. Advantages (2 of 2)
    - bugScout allows correction of errors in real time, encouraging learning in the development team
    - bugScout enables auditing of the entire application in full
    - bugScout audits are more accurate; its technology can effectively track the whole code
    - Avoids uncontrolled errors: Denial of Service attacks, unintended spam…
    - bugScout updates public and private signatures in real time, thanks to the recurrent nature of its technology
    - bugScout integrates easily with the software development cycle
    - bugScout connects directly to the development repository and can audit the software from minute one, without interrupting the production process
  • 10. Technology and features
    - bugScout consists of a web console offering multiple functionalities to operate easily on the code, avoiding heavy agents or prior installation of software on the client
    - It also includes:
      - A detection system for public and private vulnerabilities, updated daily
      - A multi-audit platform, capable of analyzing several code bases simultaneously without interfering with performance
      - A multi-user access platform with permission granularity
  • 11. The environment - Portal access
  • 12. The environment - Modular, extensible and scalable
    - [Diagram] Framework 1 … Framework N (Tasks, Licenses, Query) connected through a distributed communications bus (backend) to Core 1 … N. Each Core runs an Engine (Scheduler, Tasks, Licenses, Result) and Motors 1 … N (Decompression, Decoded) over the Core Engine; detection is organized in families Fam. 1 … Fam. N, each with patterns P1 … PN and conditions Cond. 1 … Cond. N
  • 13. The environment - Modular, extensible and scalable
    1. Framework. User interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of code, reports, vulnerability databases and solutions
  • 14. Framework - Modules (1 of 5)
    1. Dashboard
      - User-configurable start menu where you can take a look at and review the security of the company’s applications
      - The work area is editable: graphics can be added, modified and/or deleted, and rearranged or resized using drag & drop
      - The graphics are also interactive: moving the pointer over them shows the values they represent
      - To make this possible, the design relies on the latest web 2.0 techniques, without sacrificing security and performance
  • 15. Framework - Modules: Dashboard (2 of 5)
  • 16. Framework - Modules (3 of 5)
    2. Projects
      - From this module, projects and applications can be classified for later analysis
      - Also from this section, manual audits can be requested, code re-audited to check on progress, and an auditor asked to perform a penetration test or to produce a report to check vulnerabilities
    3. Document management
      - A simple document management system that enables consulting reports generated automatically or manually as well as help documentation on the tool, generating asymmetric encryption keys, and performing secure uploads of source code to audit
  • 17. Framework - Modules (4 of 5)
    4. Vulnerabilities
      - Module for working with the results of audits: verifying the proposed solutions, references, explanations of the vulnerabilities, etc.
    5. Reports
      - Module for generating technical and executive reports at different levels
    6. Administration
      - Module for managing users, groups and roles
      - Menu creation oriented to the hierarchical structure of companies (customers, suppliers)
      - The look & feel of the interface can be configured according to the standards and corporate logos of each company, and reports tailored to each company can be generated
  • 18. Framework - Modules: Projects (5 of 5)
  • 19. The environment - Modular, extensible and scalable
    1. Framework. User interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of code, reports, vulnerability databases and solutions
  • 20. Core (1 of 4)
    2. Core
      - bugScout Core consists of a vulnerability pattern recognition system applied to the analyzed software. The entire process analyzes the reliability of the code to detect patterns that would allow an attacker to access unauthorized data
      - Main functionalities:
        1. Detection of the language to process
        2. Lexical analysis
        3. Parsing
        4. Generation of the software application architecture model
        5. Data flow analysis
        6. Vulnerable pattern detection
        7. Discrimination of false positives
        8. Communication of potential vulnerabilities found
  • 21. Core (2 of 4) – Main features
    - [Diagram] The eight stages in sequence: detection of the language to process, lexical analysis, parsing, generation of the software application architecture model, data flow analysis, vulnerable pattern detection, discrimination of false positives, communication of potential vulnerabilities found
  • 22. Core – Main features (3 of 4)
    2. Core
      1. Detection of the language to process: using different filters and patterns, bugScout Core determines which language each file contains and generates the basic structure to continue the process
      2. Lexical analysis: the essential first step in analyzing a language; bugScout Core integrates directly with the lexical analyzer for each language
      3. Parsing: bugScout Core uses the parser that each language itself defines, since it is the most accurate way to profile the sources. At times certain amendments are required in order to construct the application software architecture
      4. Generation of the software application architecture model: the in-memory representation of the code to analyze, enriched with a greater degree of computation so that operations requiring high computational effort can be performed on the tree in minimal time
  • 23. Core – Main features (4 of 4)
    2. Core
      5. Data flow analysis: the comprehension of the source code itself, which is analyzed to determine whether the code contains vulnerability patterns
      6. Vulnerable pattern detection: for the search for vulnerabilities, bugScout Core relies on a plug-in architecture that facilitates future signature updates based on newly vulnerable patterns. Through these plug-ins, based on regular expressions written expressly for each specific language, it can determine with a high degree of probability whether there is a vulnerability in the code
      7. Discrimination of false positives: performs the necessary backtracking and discards, depending on the conditions under which the pattern was found and the particular code it represents, confirming whether or not the pattern is a real risk
      8. Communication of potential vulnerabilities found: in this process bugScout Core communicates the existence of security flaws in the code to the visual layer for display
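The eight Core stages above, as an added example that is not bugScout's own code: a toy static analyzer for Python that borrows the language's own lexer and parser (stages 2-4), propagates taint through assignments (stage 5), applies a regular-expression sink pattern (stage 6), discards candidates whose data passed through a sanitizer (stage 7) and reports what remains (stage 8). The audited snippet, the source/sink regexes and the sanitizer set are constructed for this example.

```python
"""Toy static-analysis pipeline (added example) mirroring bugScout Core stages 2-8.
Python is the audited language, so tokenize/ast stand in for the per-language
lexer and parser the slides describe. Needs Python 3.9+ (ast.unparse); taint
propagation is flow-insensitive (straight-line code only)."""
import ast
import io
import re
import tokenize
from dataclasses import dataclass

# Constructed sample of code under audit: one tainted SQL sink (real finding),
# one sanitized sink and one constant query (both must be discarded).
SAMPLE = '''
def lookup(request, conn):
    user = request.args["user"]
    safe_user = int(request.args["id"])
    q1 = "SELECT * FROM users WHERE name = '" + user + "'"
    conn.execute(q1)
    q2 = "SELECT * FROM users WHERE id = " + str(safe_user)
    conn.execute(q2)
    conn.execute("SELECT 1")
'''

# Stage 6 plug-in for this language: patterns as regular expressions (constructed).
TAINT_SOURCE_RE = re.compile(r"^request\.(args|form|cookies)$")
SQL_SINK_RE = re.compile(r"^(execute|executemany)$")
SANITIZERS = {"int", "float"}  # stage 7 knowledge: calls whose result is clean


@dataclass
class Finding:
    line: int
    sink: str
    expr: str


def lexical_analysis(src):
    """Stage 2: hand the source to the language's own lexer; returns the token count."""
    return sum(1 for _ in tokenize.tokenize(io.BytesIO(src.encode()).readline))


def preorder(node):
    """Stage 4 helper: source-ordered walk of the model (ast.walk is breadth-first)."""
    for child in ast.iter_child_nodes(node):
        yield child
        yield from preorder(child)


def is_tainted(node, tainted):
    """Stage 5 (data flow): does this expression carry attacker-controlled data?"""
    if isinstance(node, ast.Name):
        return node.id in tainted
    if isinstance(node, ast.Subscript):           # e.g. request.args["user"]
        return bool(TAINT_SOURCE_RE.match(ast.unparse(node.value))) or is_tainted(node.value, tainted)
    if isinstance(node, ast.BinOp):               # string concatenation
        return is_tainted(node.left, tainted) or is_tainted(node.right, tainted)
    if isinstance(node, ast.Call):
        if ast.unparse(node.func) in SANITIZERS:  # stage 7: sanitizer output is clean
            return False
        return any(is_tainted(a, tainted) for a in node.args)
    return False


def analyze(src):
    """Stages 2-7: returns (confirmed findings, number of candidates discarded)."""
    lexical_analysis(src)                         # stage 2
    tree = ast.parse(src)                         # stages 3-4: the AST is the model
    tainted, findings, discarded = set(), [], 0
    for node in preorder(tree):
        if isinstance(node, ast.Assign) and is_tainted(node.value, tainted):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))
        elif isinstance(node, ast.Call):
            fn = node.func
            name = fn.attr if isinstance(fn, ast.Attribute) else ast.unparse(fn)
            if SQL_SINK_RE.match(name):           # stage 6: pattern candidate
                if any(is_tainted(a, tainted) for a in node.args):
                    findings.append(Finding(node.lineno, name, ast.unparse(node.args[0])))
                else:
                    discarded += 1                # stage 7: false positive dropped
    return findings, discarded


def report(src):
    """Stage 8: render the confirmed findings as console lines."""
    findings, discarded = analyze(src)
    lines = [f"line {f.line}: tainted data reaches {f.sink}({f.expr})" for f in findings]
    lines.append(f"{discarded} candidate(s) discarded as false positives")
    return lines


if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```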
  • 24. The environment - Modular, extensible and scalable
    1. Framework. User interface to access up to 6 modules
    2. Core. Source code analyzer
    3. BackEnd. Secure storage of code, reports, vulnerability databases and solutions
  • 25. BackEnd (1 of 4)
    3. BackEnd
      - bugScout BackEnd stores the data the tool works with in the cloud. Our BackEnd model incorporates the latest technologies, which allow maximum efficiency and compatibility of stored data in a secure environment, an essential feature of a maximum-security environment
      - Advantages:
        - Improved development time
        - Improved effectiveness
        - Scalability
        - Flexibility
        - Availability
        - Management
        - Security
  • 26. BackEnd (2 of 4)
    - [Diagram] Data flow and control flow between the Controller Unit, the Data Connector, the BBDD Controller and the databases (BBDD 1…N)
  • 27. BackEnd (3 of 4)
    3. BackEnd
      - The bugScout BackEnd architecture provides a flexible and conceptually simple design, which allows a fast and flexible environment to be developed
      - The integration of Cloud Storage technology gives our systems and networks the capacity to grow and scale with minimal manual handling
      - Security is an integral part of cloud computing. The architectural design of a group of systems that work directly on highly sensitive information must protect that information accordingly. bugScout BackEnd goes a step further by integrating Cloud Storage with three key additional services:
        - Resizing
        - Disaster recovery
        - Data and communications security
  • 28. BackEnd (4 of 4)
    3. BackEnd
      - bugScout BackEnd presents a secure, flexible and scalable management system:
        - FileNetSystem, a paradigm under which each of the Cloud Storage systems can be managed independently from a single console
        - A management system enabling self-configuration of expansion modules. The driver modules themselves are capable of detecting new infrastructure and adapting the present configuration, presenting the administrator with the available options and facilitating system scaling
      - bugScout BackEnd provides the following benefits:
        - Compliance with laws and regulations
        - Hardware failover
        - Long-term viability of IT resources
        - Secured assets in physical environments
        - Data isolation
  • 29. Why is it the best solution?
    - bugScout has been designed by one of the best-qualified teams, with projects worldwide
    - It does not require extensive knowledge of security
    - bugScout achieves the best detection and false positive rates on the market
    - It is the first tool that works independently on each language, rejecting conversion to pseudo-code. This extends the detection rate, making it possible to locate errors and deprecated library functions, vulnerabilities, sensitive information in comments, etc.
    - bugScout automatically corrects the vulnerable parts of the code, proposing effective solutions to build secure applications
    - It lets you easily manage vulnerabilities, reporting, documentation storage, statistics, historical control…
  • 30. www.buguroo.com. For further information please contact: sales@buguroo.com. Tel.: (34) 917 816 160. Plaza Marqués de Salamanca, 3-4, 28006 Madrid