How it works
INFRA has a smart engine that analyzes all services offered by any computer in a network. All TCP and UDP services are checked, as well as whether the ICMP and IGMP protocols can be used. Even if the ports are non-standard, the services are hidden or the banners are modified, INFRA is able to recognize them, as well as the operating system running on the machine. This first operation is very important because it defines what other checks the core engine will do. For every service, INFRA automatically decides which tests to run. If there is a login, for example, the core scanner recognizes the service and the protocol, checks the update status of the release, validates the encryption and tests for usernames and passwords, and runs specific tests for cookies, tokens, brute force and more.
- Machine Learning: Intelligence Framework is the first company to develop a turnkey solution for mandatory assessments; other solutions rely mainly on the experience of human analysts. Without automation and machine learning, security is significantly more manpower intensive, relying on people and their knowledge to detect, investigate, report and remediate, with a large percentage of the actions taken by security teams being repetitive. The skills shortage, combined with the ever-increasing need for organizations to achieve efficiency, necessitates new technologies to accelerate time to detection, response and recovery. By strategically applying automation and machine learning to assessments, enterprises can save time, improve effectiveness and eliminate wasteful processes that rely on analysts sifting through piles of data and alerts to find actual threats.
- Platform Consolidation: We have been building out security platforms through technology acquisition and new feature development. These integrated platforms provide interconnected functionality, which enables consolidated management that is far more efficient than managing disparate point tools.
- Automation and Orchestration: Security automation and orchestration accelerates the movement of data between tools for the purposes of threat prioritization, response amplification, labor reduction and consistent workflow. This sector of security has seen massive investment and adoption, due to its promise to relieve security personnel of routine manual labor, and to implement effective workflows.
- Continuous Security Validation: Once these integration, consolidation and automation strategies are in place, enterprises must have systems to test that their security controls are properly configured over the course of time, even as network changes are made. Continuous security validation automates and speeds the process of identifying misconfigured platforms and network devices.
INFRA facilitates the automated review of a web application with the express purpose of discovering security vulnerabilities. It can look for a wide variety of vulnerabilities, including:
- Specific application problems
- Server configuration mistakes / errors / version
The scanner simulates a malicious user by attacking and probing, and checks which results are not part of the expected result set.
It is able to scan Java/JSP, PHP or any other engine-driven web application.
The most common application vulnerabilities in recently tested applications include:
INFRA modules are the programs that make each test possible. They are divided into 8 groups:
1. IG – Information Gathering
Modules that search for the information required in other security modules and also in intelligent modules, in order to run deeper target and company analysis.
2. SA – Service Assessment
Modules focused on searching for the information required in other security modules, identifying the ports, services and OS, software versions and creating rules to launch other modules over revealed services.
3. US – User & Session
Modules created to search for vulnerabilities related to users, cookies, login, multi-session, etc.
4. VA – Vulnerability Assessment
Modules that search for vulnerabilities related to system and network, such as configuration, buffer overflow, software obsolescence and system-related problems, services and network.
5. WA – Web Assessment
Modules that search for vulnerabilities related to servers, services and web applications. All OWASP Top 10 vulnerabilities are tested very carefully.
6. DB – Database Assessment
Modules that search for database-related vulnerabilities.
7. IF – Intelligence Framework extra modules
This group contains all modules that look for the information required by other security modules.
8. EM – External Modules
INFRA can also be connected to other (optional) vulnerability scanning software, commercial and open source, to get more information for use in its modules. The final results are reported in a single report, so that the analysis is deeper and more accurate, with vulnerabilities checked multiple times. Among others, INFRA can connect to the following (optional) software:
- Network VA: Tenable Nessus, Rapid7 Nexpose, OpenVAS, Nmap, Amap
- Web App/Services VA: Acunetix WVS, Nikto, OWASP ZAP, OWASP DirBuster, Burp Suite
- Network Penetration Test: Rapid7 Metasploit
- URL Manipulation: Burp Suite, OWASP ZAP, Acunetix WVS, W3af
- Database Security: SQLninja, SQLmap
- Password guessing: THC Hydra, Nmap
- Password cracking: John the Ripper
Not all software is listed here, and other modules and software will be added in the future, due to the continuous development of INFRA.
The Core not only decides autonomously which tests to perform, but also adapts the scan to the available bandwidth and the server responses so that it does not affect the availability and reliability of the services. From its configuration panel it is still possible to select the intensity of the scans, as well as the time at which all operations are performed. INFRA can detect vulnerabilities in your application or infrastructure and gives you executive and technical reports.