VioPoint

SEEKER - New web application vulnerability testing tool doubles as an application development tool

VIOPOINT is pleased to announce the general release of Seeker, a truly innovative web application testing tool. Web applications represent one of the greatest threats to organizations that maintain transaction-based web sites, so ongoing testing is a necessity. Traditional testing tools can be very resource intensive, and Seeker was designed from the outset with efficiency in mind. Developed by Hacktics, a VIOPOINT partner for web application security testing, Seeker is a software-based web application vulnerability testing tool that uses an all-new technology called BRITE™ (Behavior Runtime Intelligent Testing Engine). This highly optimized processing tool not only analyzes web applications to detect vulnerabilities, it also creates a video that demonstrates how the exploit can be used by a hacker, all in a matter of minutes.

Background

Hacktics is an elite team of software testing and security experts who have an extensive background in delivering world-class penetration testing and application security services. Seeker was born out of requests from Hacktics’ customers who were looking for an automated security tool that would support the application lifecycle by scanning for vulnerabilities both during and after development.

Seeker offers a new approach to application security testing, demonstrating strengths from both a technology and a usability perspective. Seeker was designed to integrate into existing development processes (System Development Lifecycle) and infrastructures. To accomplish this goal, it was created with a simple-to-use interface that does not require specific security expertise. Ofer Maor, Chief Technology Officer of Hacktics, explains, “Seeker was designed for R&D and QA people. They can run the software as part of their nightly builds or after an update to the software. Seeker will automatically test their applications to highlight any errors in the code and show them what can be done to fix it. Once corrected, a simple retest will help developers see if the corrections were properly applied. It’s very cost effective and easy to use.”

Results

Seeker is a powerful security scanning tool for web applications that can accomplish in minutes what other scanning tools take days to do. How long does it take to run? On the demo application of 20 screens, it takes less than one minute; most average-size applications will take 10-15 minutes to complete the testing process. Seeker can detect a majority of the vulnerabilities, unlike other tools on the market that typically detect 20-30%. What sets Seeker apart from other products is that it uses the new BRITE™ technology to perform runtime code analysis during execution of the application code. When Seeker detects a vulnerability, it creates a video to verify it and shows how the exploit can be used by a hacker. This eliminates potential false positives by highlighting which screens are vulnerable and the necessary remediation actions.

“Seeker is suitable for any organization that creates web applications that must be secure – especially organizations that deal with financial or regulated data,” remarked Maor.

Selected as a top 10 finalist for the 2010 RSA Innovation Sandbox competition, Seeker is definitely worth taking a look at. You can watch a demo of Seeker at www.hacktics.com/content/seekerdemo or you can contact VIOPOINT for more information.