Fullstack Vulnerability Management to detect weaknesses across web applications and supporting hosts. Continuous Vulnerability Assessment coupled with expert human intelligence - Virtually False Positive Free.
Full Stack Security: websites, apps (mobile/web/cloud), software, servers and networks. With over 57,000 assets under vulnerability management, edgescan is listed as a "notable vendor" in Gartner’s Magic Quadrant for Managed Security Services and as a “sample vendor” in the Gartner Application Security Hype Cycle.
Vulnerabilities or bugs in software may enable cyber criminals to exploit both Internet facing and internal systems. Fraud, financial, data & identity theft, and denial-of-service attacks are often the result, leaving companies with serious losses or damage to their reputation.
However, some of these issues can be easily avoided or at least mitigated. This document discusses all of the vulnerabilities discovered by edgescan™ over the past year – during 2017.
The vulnerabilities discovered are a result of providing “Fullstack” continuous vulnerability management to a wide range of client verticals, from small businesses to global enterprises, and from Telecoms & Media companies to Software Development, Gaming, Energy and Medical organisations.
The statistics are based on the continuous security assessment & management of thousands of systems distributed globally.
Eoin Keary, CEO of edgescan, tells ITSPmagazine Their Story
Eoin Keary, CEO of Dublin-based edgescan, talks to ITSPmagazine about his entry into cybersecurity, starting off in software development. Eoin describes how the agile software development lifecycle (SDLC) has changed the way organizations need to view risk as they build and deploy their applications throughout their business environment.
Per Eoin's experience as both a developer and a breaker and now as the CEO of a successful SaaS-based vulnerability assessment solution provider, organizations need to address security up and down the operational stack and all the way through the SDLC; it’s important to give developers the proper tools, so that making their applications secure is nearly invisible to them. As Eoin describes, however, the solution needs to extend beyond the tools and be combined with training to make engineers aware of the cyber risks posed by the logic and implementation bugs they might introduce into their application's code.
With a goal to combine the technical and human elements of vulnerability management, Eoin describes how and why he and his team started edgescan, highlighting the unique challenges they are looking to solve for their customers via the combination of machine-learning-enabled automation and hands-on human intelligence which they use to validate the findings.
Some clients call edgescan their "virtual penetration testing team," with a number of them leveraging edgescan's APIs to integrate continuous application vulnerability assessments within their existing CDCI- (continuous development / continuous integration) enabled DevSecOps processes.
"Security is everybody’s problem now," says Eoin. "It is getting attention at the board level; you need to get yourself into these meetings, and you need to be prepared to present metrics."
Payment Services Directive (PSD2)
Opening the doors to a secure business
Designed to improve choice for customers, create more competition and stimulate innovation, PSD2 will drive fundamental change in the way we bank. The move to the digital marketplace is no longer an aspiration, but is a necessity for financial institutions to stay relevant or competitive. As part of this evolution, new risks need to be considered in relation to regulatory compliance, privacy, liability and a new attack surface for cyber criminals. These risks are not necessarily greater but different, and need to be treated as such. Success in this new era will be dictated by banks and FinTechs that maximise API integration with third parties in a secure manner. This paper explores some of the fundamental changes that underpin PSD2 and the security model that is changing with it.
More Videos and Webcasts With Edgescan
Rahim Jina, COO for Edgescan, talks with Sean Martin about the DOM-based web application data exfiltration detection tool Edgescan will be putting out to the open source community. The new tool will be released and presented during the 2018 edition of OWASP's AppSec California event being held in January 2018 in Santa Monica, CA.
More information about the conference can be found at:
Robert Feeney from Edgescan shares tips w/ Sean Martin to help researchers stand out
In this new episode of An InfoSec Life, Robert Feeney, a senior security consultant at Edgescan, speaks to fellow security researchers and security consultants about what they can do to differentiate themselves from the pack and how they can excel in the industry. In addition to speaking to his peers, Robert shares a lot of solid information that should help the managers of these individuals working in the industry as well.
Of the topics presented, events and organizations were a key part of the conversation, especially given that this chat took place during OWASP AppSec USA 2017 following his presentation on successful automated application scanning techniques. Robert highlights that it is important to join groups like ISACA, ISC2, and OWASP and to also attend their events: national, regional and local events. Robert also suggests that it’s important to move beyond basic event and conference attendance and to consider speaking at these events as well.