Application Penetration with Business Logic Tests
Expose privacy and security issues before launching software, or with sites and applications already launched. This includes business, consumer and internal apps. All are at risk if the issues are not found and addressed early.
DevOps-ready and aligned with Shift Left initiatives
Execute app-pen tests at each and every build, as is required for DevOps and Agile. This shift-left capability brings security testing closer to the dev team and places it early in each QA cycle, automatically as part of your CI workflow.
Surfaces more security risks than standard white-hat tests
Use the same scripts you use today
Use cases or scripts written for functional or performance tests can for the first time be used to drive business logic through an application with Appvance IQ. No consultants are required. No security expertise is required. Just use the same scripts you use today (Appvance IQ supports 24 script types) or simply record use cases…no coding needed.
Appvance IQ uses recorded or scripted use cases to login and navigate applications to the deepest levels. For example, a functional test script with 50 steps can be tagged to run app-pen at step 1 (the top level domain as normal), step 3 (after login), step 17 (after purchase), and step 25 (in the bowels of finance). At each tagged step, Appvance IQ runs a full spider, identifies all pages it can find, and then passes off credentials
and session info to run a complete OWASP suite of tests against each page. Automatically after completion, the use case restarts and continues on longer (this time, to step 3 in the example above) and runs a full spider, identifies all pages it can find, and then passes off credentials and session info to run a complete OWASP suite of tests against each page. This continues until all tagged steps have been completed. This all happens behind the scenes until all reports are complete.
Leveraging Appvance IQ’s use case-driven App-Pen framework, along with its load-gen technology, Appvance IQ can generate sophisticated DDoS attacks. During the attack, the system attempts to break-in just like known hackers do. Applications have access to key data and, under stress, they can give up any built-in protection to cached or DB-stored data. Appvance IQ is the first test automation platform with DDoS App Penetration testing, providing a critical capability to close the gaps in your security shield.