Monday, August 12, 2019

Wallarm Builds On Its Security Test Automation Framework

From DevOps World / Jenkins World, Wallarm has released an expanded set of vulnerability detects for its proprietary Framework for Application Security Testing (FAST).

The latest release of Wallarm's FAST responds to the newest threats facing developers and security teams. The current generation of threats has further-reaching implications than before because the exposed attack surface of infrastructures and online businesses keeps growing. FAST puts security testing automation inside CI/CD processes. Once defined, the fully automated, integrated test process reuses existing functional tests and adds application-specific fuzzing to create security tests and optimize testing time. The FAST framework integrates with any CI/CD platform; for Jenkins, there is a dedicated plug-in.

Codeless detect generation is another distinctive feature of the framework. Without writing code, detects specific to particular vulnerabilities and to the application's own logic are defined in a YAML-based Detect Specific Language (DSL).


YAML definitions for new detects are pulled from GitHub.

"Codeless extensions to automate custom logic allow FAST users to implement their own security ideas faster. At the same time, it allows us as a vendor to improve the software in an agile way." - Ivan Novikov, Wallarm CEO

Recently released detects include remote code execution and path traversal issues in the Apache Struts framework, among them the crafted Content-Type header issue exploited in the 2017 Equifax breach. Used in FAST to automate security testing, these detects find such vulnerabilities at the test stage, before they become dangerous issues in production.

Vulnerabilities covered by the latest batch of detects include:

Execution of arbitrary commands via a crafted Content-Type, Content-Disposition, or Content-Length HTTP header

Remote code execution via a maliciously formed message to ActionMessage in the Struts 1 plugin

Potential RCE if a FreeMarker tag is malformed

Potential RCE with certain namespace configurations when alwaysSelectFullNamespace is set to true

An XML deserialization issue in the Apache Struts REST plugin that can lead to remote code execution
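The workflow described above (functional-test requests crossed with declarative detects, replayed, and matched against a response pattern) can be sketched in a few dozen lines. The following Python is an added example, not Wallarm's code: the detect schema is a hypothetical stand-in for FAST's YAML DSL, the recorded requests and the target application are constructed here, and the Struts Content-Type and path traversal detects use harmless arithmetic and file markers rather than exploit payloads. It also shows the baseline check a practitioner wants, so that a marker already present in a normal response does not count as a hit.

```python
import re
from dataclasses import dataclass, replace


@dataclass
class Request:
    method: str
    path: str
    headers: dict
    params: dict


@dataclass
class Finding:
    detect: str
    request: Request
    evidence: str


# Detect definitions. In FAST these are YAML files; the dict schema below is a
# hypothetical stand-in (not Wallarm's DSL) so the example runs offline.
# Each payload carries the response pattern that proves it was interpreted.
DETECTS = [
    {
        "name": "struts-content-type-expression-injection",
        "location": "headers",
        "target": "Content-Type",
        # Arithmetic markers: a hit means the header was evaluated as an
        # expression, which is all a test stage needs to know.
        "payloads": [("%{6*7}", r"\b42\b"), ("%{13*19}", r"\b247\b")],
    },
    {
        "name": "path-traversal",
        "location": "params",
        "target": "*",  # try every parameter the functional test sends
        "payloads": [("../../../../etc/passwd", r"root:[^:]*:0:0:")],
    },
]


def mutate(req, location, target, payload):
    """Yield copies of req with payload injected into the chosen part."""
    container = getattr(req, location)
    keys = list(container) if target == "*" else [target]
    for key in keys:
        if key in container:
            yield replace(req, **{location: {**container, key: payload}})


def run(recorded, detects, send):
    """Cross recorded functional-test requests with detects and replay them.
    send(req) returns the response body. A hit only counts if the pattern is
    absent from the unmodified request's response (the baseline), which
    filters markers the page happens to contain anyway."""
    findings = []
    for req in recorded:
        baseline = send(req)
        for d in detects:
            for payload, pattern in d["payloads"]:
                rx = re.compile(pattern)
                if rx.search(baseline):
                    continue  # marker present without injection: inconclusive
                for test in mutate(req, d["location"], d["target"], payload):
                    hit = rx.search(send(test))
                    if hit:
                        findings.append(Finding(d["name"], test, hit.group(0)))
    return findings


# Constructed stand-in for the application under test (not a real server).
_EXPR = re.compile(r"%\{(\d+)\*(\d+)\}")


def fake_target(req):
    """Misbehaves like the vulnerable components listed above: evaluates a
    %{a*b} marker found in Content-Type and serves whatever path `file` names."""
    m = _EXPR.search(req.headers.get("Content-Type", ""))
    if m:
        return "500 Internal Server Error: %d" % (int(m.group(1)) * int(m.group(2)))
    if req.params.get("file", "").startswith("../"):
        return "root:x:0:0:root:/root:/bin/bash\n"  # constructed passwd line
    return "200 OK " + " ".join("%s=%s" % kv for kv in req.params.items())


# Constructed requests, as a functional-test recorder would capture them.
RECORDED = [
    Request("POST", "/upload", {"Content-Type": "multipart/form-data"}, {"name": "report.pdf"}),
    Request("GET", "/download", {"Content-Type": "application/json"}, {"file": "report.pdf"}),
    Request("GET", "/item", {"Content-Type": "application/json"}, {"id": "42"}),
]


def summary():
    """Number of findings per detect over the constructed requests."""
    counts = {}
    for f in run(RECORDED, DETECTS, fake_target):
        counts[f.detect] = counts.get(f.detect, 0) + 1
    return counts


if __name__ == "__main__":
    for f in run(RECORDED, DETECTS, fake_target):
        print(f.detect, f.request.method, f.request.path, "->", f.evidence)
```

Note the /item request: its normal response already contains "42", so the first marker is discarded as inconclusive and only the second one produces a finding. Swapping fake_target for a real HTTP sender and reading DETECTS from YAML is all that separates this sketch from a usable CI step.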

Even development tools are subject to vulnerabilities. Other recently released detects find these types of issues hidden in dev tools, such as a server-side template injection in JIRA allowing unauthenticated code execution (CVE-2019-11581) and a user information leak via the /user/(username)/api remote API in earlier versions of Jenkins (CVE-2017-1000395).

About Wallarm
The Wallarm platform protects websites, microservices, and APIs throughout the application life cycle. Security and DevOps teams choose Wallarm FAST to automate security testing inside the CI/CD pipeline, increase visibility into hacking attempts, and detect and remediate OWASP Top 10 issues.

The technology provides dynamic, active, and focused security for hundreds of enterprises and SaaS companies operating in public, hybrid, and private clouds.

Founded in 2013, Wallarm is headquartered in San Francisco, California. It is backed by Toba Capital, Y Combinator, Partech, Runa Capital, and other investors.

See Wallarm at DevOps World | Jenkins World in booth #902.


© Copy Right 2019 Jessica Brown's Press Releases.

