SAN FRANCISCO, Feb. 16, 2016 (GLOBE NEWSWIRE) -- Hackers’ continued success in exploiting vulnerabilities in software, Web and mobile applications a decade after the application security testing (AST) market emerged shows there is still much to be done.
One group of world-class cyber sleuths at ®buguroo may have the answer— a new generation of appsec tools that can rise to the challenge of cross-platform attacks and the massive scale required to thoroughly test today’s mega-apps.
Today, buguroo — a U.S. startup coming out of Deloitte’s European Security Operations Center (SOC) — is launching bugBlast, a next-generation appsec management platform that unifies many types of vulnerability testing tools with real-time intelligence. Capable of creating a single, holistic view of an application’s security as it executes in its actual infrastructure, cloud-based bugBlast can scale to test mega-apps in their entirety. By correlating multiple results from static, dynamic and infrastructure testing with real-time threat intel at this scale, buguroo is re-defining the market for interactive AST.
As part of its appsec platform, the company is also announcing bugScout, a static application security testing (SAST) tool that significantly advances the state of the art. Designed from the ground up as a cloud app, bugScout eliminates one of the main limitations facing classic SAST architectures — the ability to completely model extremely large apps in memory.
“To hackers, a vulnerability is a vulnerability, wherever they find it, but until now, technology limitations forced application testing piece by piece,” said Pablo de la Riva Ferrezuelo, CTO and founder of buguroo. “The technology advances in bugBlast and bugScout level the playing field by enabling testers to use many different tools together and test everything at once across the entire application and platform, which is just how the hackers attack.”
buguroo's application security testing platform, bugBlast, breaks new ground in many ways:
- Designed by ethical hackers and cybersecurity auditors, the platform automates their own best practices and provides a single tool for managing the entire appsec process
- Unifies multiple scanning engines and intelligence feeds into one comprehensive management and testing platform for all team members
- Correlates all results in a single model to find more vulnerabilities and facilitate efficient correction
- Provides a common environment for auditors and developers, based on a highly visual dashboard that enhances cross-team communications, efficiency and coding security
- Scales to model and analyze very large applications at very high speeds, overcoming architectural limitations of testing solutions derived from first-generation classic AST
- Integrates proprietary intelligence tools for real-time discovery of and alerts on new vulnerabilities specifically relevant to the application and infrastructure
- Enables continuous testing and re-testing throughout the development and software maintenance lifecycle
- Supports multiple open source and proprietary vulnerability lists, including CWE, OWASP and SANS and more as well as buguroo’s and its customers’ own intelligence
- Easy start up with no onsite equipment required delivers a rapid time to value
bugBlast has many other capabilities that you would expect to see in a state-of-the-art security management platform such as a flexible policy manager, algorithms and experiential learning to continually reduce false positives, integration with other ITSEC platforms like SIEM and WAF, a built-in ticketing system as well as hooks to integrate with other bug tracking and software lifecycle management solutions and a robust documentation and report generator.
The company's new bugScout SAST solution is designed to work within the bugBlast platform or as a standalone solution. It shares many of the industry-leading technologies in bugBlast, notably its capability to model very large application sets in their entirety and its fast proprietary engine that analyzes millions of lines of code in just a few minutes.
Other capabilities of bugScout include:
- Laser focus on riskiest languages, Java, PHP, .NET, and the application ecosystems for Android, provides robust vulnerability detection in the most widely used languages
- Lowest rate of false positives on the market, thanks to its adaptive learning technology and multiple configuration options
- Built-in software quality analyzer using the SonarQube open platform makes applications more efficient, reliable, and resilient at the same time they are made more secure and increases the productivity of developers
- Enables continuous testing and re-testing throughout the development and software maintenance lifecycle
- Supports multiple open source and proprietary vulnerability lists, including CWE, OWASP and SANS and more as well as buguroo’s and its customers’ own intelligence
- Easy start up with no onsite equipment required, delivers a rapid time to value
Although a startup in the U.S., buguroo is building on its five-year history in Europe and its proven technology and security operations experience. Originally, the company was a stand-alone unit in Deloitte Spain, and the buguroo team of ethical hackers and cybersecurity analysts worked alongside experts from Deloitte Spain to manage the Deloitte Security Operations Center (SOC) for Europe. In 2015, the 50-employee company was spun off as buguroo and closed a $3.34 million round of angel financing to expand its business internationally and accelerate development of its product roadmap.
Separately today, buguroo announced bugThreats, a comprehensive threat intelligence platform that makes enterprise security operations analysts more effective and has already proven its value at several large global infrastructures, and its bugFraud Defense next-generation online fraud detection solution that provides real-time protection of websites from hijacked sessions using man-in-the-browser or man-in-the-middle attacks.
buguroo also provides technical services from its highly qualified team of professional security auditors to help clients with malware analysis and remediation, forensics, impact analysis, Dark Web data recovery, botnet takedowns and other advanced techniques.
More information on the bugBlast next-generation appsec management platform and the bugScout static application security testing (SAST) tool is available online, or by emailing info@buguroo.com.