Home
1
Products2
Tenable - Nessus Tenable - Nessus https://www.flag-info.com/en/product_1428537.html         NESSUS IS #1 FOR VULNERABILITY ASSESSMENT From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk. Tenable is a 2021 Gartner Representative Vendor in Vulnerability Assessment.Today, Nessus is trusted by more than 30,000 organizations worldwide as one of the most widely deployed security technologies on the planet - and the gold standard for vulnerability assessment.   1428537
5 1
        NESSUS IS #1 FOR VULNERABILITY ASSESSMENT From the beginning, we've worked hand-in-hand with the security community. We continuously optimize Nessus based on community feedback to make it the most accurate and comprehensive vulnerability assessment solution in the market. 20 years later and we're still laser focused on community collaboration and product innovation to provide the most accurate and complete vulnerability data - so you don't miss critical issues which could put your organization at risk. Tenable is a 2021 Gartner Representative Vendor in Vulnerability Assessment.Today, Nessus is trusted by more than 30,000 organizations worldwide as one of the most widely deployed security technologies on the planet - and the gold standard for vulnerability assessment.  
www.
NT$ http://schema.org/InStock https://www.flag-info.com/en/product_1428537.html 2022-04-02 0
Tenable - Nessus
IDA PRO Tool IDA PRO Tool https://www.flag-info.com/en/product_1428538.html A powerful disassembler and a versatile debugger IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable. The debugging feature augmented IDA with the dynamic analysis. It supports multiple debugging targets and can handle remote applications. Its cross-platform debugging capability enables instant debugging, easy connection to both local and remote processes and support for 64-bit systems and new connection possibilities.   IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation   1428538
5 1
A powerful disassembler and a versatile debugger IDA Pro as a disassembler is capable of creating maps of their execution to show the binary instructions that are actually executed by the processor in a symbolic representation (assembly language). Advanced techniques have been implemented into IDA Pro so that it can generate assembly language source code from machine-executable code and make this complex code more human-readable. The debugging feature augmented IDA with the dynamic analysis. It supports multiple debugging targets and can handle remote applications. Its cross-platform debugging capability enables instant debugging, easy connection to both local and remote processes and support for 64-bit systems and new connection possibilities.   IDA Pro has become the de-facto standard for the analysis of hostile code, vulnerability research and commercial off-the-shelf validation  
www.
NT$ http://schema.org/InStock https://www.flag-info.com/en/product_1428538.html 2022-04-02 0
IDA PRO Tool
Burp Suite Software Tool Burp Suite Software Tool https://www.flag-info.com/en/product_1428541.html     Web vulnerability scanner Enterprise/Professional  Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10. Burp’s cutting-edge web application crawler accurately maps content and functionality, automatically handling sessions, state changes, volatile content, and application logins. Burp Scanner includes a full JavaScript analysis engine using a combination of static (SAST) and dynamic (DAST) techniques for detection of security vulnerabilities within client-side JavaScript, such a DOM-based cross-site scripting. Burp has pioneered the use of highly innovative out-of-band techniques (OAST) to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed. The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application. Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and web cache poisoning. All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue, and step-by-step remediation advice. Advisory wording is dynamically generated for each individual issue, with any special features or remediation points accurately described.   Advanced manual tools Professional Use Burp project files to save your work incrementally in real-time, and pick up seamlessly where you left off. Use the configuration library to quickly launch targeted scans with different settings. View real-time feedback of all discovered vulnerabilities on Burp's central dashboard. Place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats. Use live scanning as you browse to fully control what actions are carried out for what requests. Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting. You can export beautifully formatted HTML reports of discovered vulnerabilities. The CSRF PoC Generator function can be used to generate a proof-of-concept cross-site request forgery (CSRF) attack for a given request. The Content Discovery function can be used to discover hidden content and functionality that is not linked from visible content that you can browse to. The Target Analyzer function can be used to analyze a target web application and tell you how many static and dynamic URLs it contains, and how many parameters each URL takes. Burp Intruder is an advanced tool for automating custom attacks against applications. It can be used for numerous purposes to improve the speed and accuracy of manual testing. Intruder captures detailed attack results, with all relevant information about each request and response clearly presented in table form. Captured data includes the payload values and positions, HTTP status code, response timers, cookies, number of redirections, and the results of any configured grep or data extraction settings.   Scheduled and repeat scans Enterprise  Burp Suite Enterprise Edition can perform scheduled scans at specific times, or carry out one-off scans on demand. You can configure repeat scans to run indefinitely or until a defined end point. You can view in a single place the entire scan history for a given web site.    Unlimited scalability Enterprise Burp Suite Enterprise Edition has extreme scalability, and can scan indefinitely many web sites in parallel. You can configure all of your organization's web sites in one place, organized to reflect your organizational structure. All scan results are aggregated in one place, providing an at-a-glance view of your organization’s security posture The scalable agent pool distributes workload across multiple machines, allowing your deployment to grow to any size, and perform as many parallel scans as your organization requires. Burp Suite Enterprise Edition supports multiple users with role-based access control (RBAC) to restrict access to sensitive data. There are no licensing restrictions on the number of users.   CI integration Enterprise  Bring security automation forward in your development lifecycle using Burp's CI integration. Automatically launch vulnerability scans from your CI system via the REST API. There are ready-made native CI plugins for popular platforms such as Jenkins and TeamCity, and a generic CI driver that can be easily installed in any CI system. You can run scans per commit, on a schedule, or as part of your deployment pipelines. The CI integration can be configured to break software builds based on the severity of discovered issues.   Essential manual tools Professional  Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is being used. You can view, edit or drop individual messages to manipulate the server-side or client-side components of the application. The Proxy history records full details of all requests and responses passing through the Proxy. You can annotate individual items with comments and colored highlights, letting you mark interesting items for manual follow-up later. Burp Proxy can perform various automatic modification of responses to facilitate testing. For example, you can unhide hidden form fields, enable disabled form fields, and remove JavaScript form validation. You can use match and replace rules to automatically apply custom modifications to requests and responses passing through the Proxy. You can create rules that operate on message headers and body, request parameters, or the URL file path. Burp helps eliminate browser security warnings that can occur when intercepting HTTPS connections. On installation, Burp generates a unique CA certificate that you can install in your browser. Host certificates are then generated for each domain that you visit, signed by the trusted CA certificate. Burp supports invisible proxying for non-proxy-aware clients, enabling the testing of non-standard user agents such as thick client applications and some mobile applications. HTML5 WebSockets messages are intercepted and logged to a separate history, in the same way as regular HTTP messages. You can configure fine-grained interception rules that control precisely which messages are intercepted, letting you focus on the most interesting interactions. The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available. All requests and responses are displayed in a feature-rich HTTP message editor. This provides numerous views into the underlying message to assist in analyzing and modifying its contents. Individual requests and responses can be easily sent between Burp tools to support all kinds of manual testing workflows. The Repeater tool lets you manually edit and reissue individual requests, with a full history of requests and responses. The Sequencer tool is used for statistical analysis of session tokens using standard cryptographic tests for randomness. The Decoder tool lets you convert data between common encoding schemes and formats used on the modern web. The Clickbandit tool generates working clickjacking attacks against vulnerable application functions. The Comparer tool performs a visual diff between pairs of requests and responses or other interesting data. You can create custom session handling rules to deal with particular situations. Session handling rules can automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens. The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including crawl and scan results. The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI.        1428541
5 1
    Web vulnerability scanner Enterprise/Professional  Coverage of over 100 generic vulnerabilities, such as SQL injection and cross-site scripting (XSS), with great performance against all vulnerabilities in the OWASP top 10. Burp’s cutting-edge web application crawler accurately maps content and functionality, automatically handling sessions, state changes, volatile content, and application logins. Burp Scanner includes a full JavaScript analysis engine using a combination of static (SAST) and dynamic (DAST) techniques for detection of security vulnerabilities within client-side JavaScript, such a DOM-based cross-site scripting. Burp has pioneered the use of highly innovative out-of-band techniques (OAST) to augment the conventional scanning model. The Burp Collaborator technology allows Burp to detect server-side vulnerabilities that are completely invisible in the application’s external behavior, and even to report vulnerabilities that are triggered asynchronously after scanning has completed. The Burp Infiltrator technology can be used to perform interactive application security testing (IAST) by instrumenting target applications to give real-time feedback to Burp Scanner when its payloads reach dangerous APIs within the application. Burp’s scanning logic is continually updated with enhancements to ensure it can find the latest vulnerabilities and new edge cases of existing vulnerabilities. In recent years, Burp has been the first scanner to detect novel vulnerabilities pioneered by the Burp research team, including template injection and web cache poisoning. All reported vulnerabilities contain detailed custom advisories. These include a full description of the issue, and step-by-step remediation advice. Advisory wording is dynamically generated for each individual issue, with any special features or remediation points accurately described.   Advanced manual tools Professional Use Burp project files to save your work incrementally in real-time, and pick up seamlessly where you left off. Use the configuration library to quickly launch targeted scans with different settings. View real-time feedback of all discovered vulnerabilities on Burp's central dashboard. Place manual insertion points at arbitrary locations within requests, to inform the Scanner about non-standard inputs and data formats. Use live scanning as you browse to fully control what actions are carried out for what requests. Burp can optionally report all reflected and stored inputs, even where no vulnerability has been confirmed, to facilitate manual testing for issues like cross-site scripting. You can export beautifully formatted HTML reports of discovered vulnerabilities. The CSRF PoC Generator function can be used to generate a proof-of-concept cross-site request forgery (CSRF) attack for a given request. The Content Discovery function can be used to discover hidden content and functionality that is not linked from visible content that you can browse to. The Target Analyzer function can be used to analyze a target web application and tell you how many static and dynamic URLs it contains, and how many parameters each URL takes. Burp Intruder is an advanced tool for automating custom attacks against applications. It can be used for numerous purposes to improve the speed and accuracy of manual testing. Intruder captures detailed attack results, with all relevant information about each request and response clearly presented in table form. Captured data includes the payload values and positions, HTTP status code, response timers, cookies, number of redirections, and the results of any configured grep or data extraction settings.   Scheduled and repeat scans Enterprise  Burp Suite Enterprise Edition can perform scheduled scans at specific times, or carry out one-off scans on demand. You can configure repeat scans to run indefinitely or until a defined end point. You can view in a single place the entire scan history for a given web site.    Unlimited scalability Enterprise Burp Suite Enterprise Edition has extreme scalability, and can scan indefinitely many web sites in parallel. You can configure all of your organization's web sites in one place, organized to reflect your organizational structure. All scan results are aggregated in one place, providing an at-a-glance view of your organization’s security posture The scalable agent pool distributes workload across multiple machines, allowing your deployment to grow to any size, and perform as many parallel scans as your organization requires. Burp Suite Enterprise Edition supports multiple users with role-based access control (RBAC) to restrict access to sensitive data. There are no licensing restrictions on the number of users.   CI integration Enterprise  Bring security automation forward in your development lifecycle using Burp's CI integration. Automatically launch vulnerability scans from your CI system via the REST API. There are ready-made native CI plugins for popular platforms such as Jenkins and TeamCity, and a generic CI driver that can be easily installed in any CI system. You can run scans per commit, on a schedule, or as part of your deployment pipelines. The CI integration can be configured to break software builds based on the severity of discovered issues.   Essential manual tools Professional  Burp Proxy allows manual testers to intercept all requests and responses between the browser and the target application, even when HTTPS is being used. You can view, edit or drop individual messages to manipulate the server-side or client-side components of the application. The Proxy history records full details of all requests and responses passing through the Proxy. You can annotate individual items with comments and colored highlights, letting you mark interesting items for manual follow-up later. Burp Proxy can perform various automatic modification of responses to facilitate testing. For example, you can unhide hidden form fields, enable disabled form fields, and remove JavaScript form validation. You can use match and replace rules to automatically apply custom modifications to requests and responses passing through the Proxy. You can create rules that operate on message headers and body, request parameters, or the URL file path. Burp helps eliminate browser security warnings that can occur when intercepting HTTPS connections. On installation, Burp generates a unique CA certificate that you can install in your browser. Host certificates are then generated for each domain that you visit, signed by the trusted CA certificate. Burp supports invisible proxying for non-proxy-aware clients, enabling the testing of non-standard user agents such as thick client applications and some mobile applications. HTML5 WebSockets messages are intercepted and logged to a separate history, in the same way as regular HTTP messages. You can configure fine-grained interception rules that control precisely which messages are intercepted, letting you focus on the most interesting interactions. The target site map shows all of the content that has been discovered in sites being tested. Content is presented in a tree view that corresponds to the sites’ URL structure. Selecting branches or nodes within the tree shows a listing of individual items, with full details including requests and responses where available. All requests and responses are displayed in a feature-rich HTTP message editor. This provides numerous views into the underlying message to assist in analyzing and modifying its contents. Individual requests and responses can be easily sent between Burp tools to support all kinds of manual testing workflows. The Repeater tool lets you manually edit and reissue individual requests, with a full history of requests and responses. The Sequencer tool is used for statistical analysis of session tokens using standard cryptographic tests for randomness. The Decoder tool lets you convert data between common encoding schemes and formats used on the modern web. The Clickbandit tool generates working clickjacking attacks against vulnerable application functions. The Comparer tool performs a visual diff between pairs of requests and responses or other interesting data. You can create custom session handling rules to deal with particular situations. Session handling rules can automatically log in, detect and recover invalid sessions, and fetch valid CSRF tokens. The powerful Burp Extender API allows extensions to customize Burp’s behavior and integrate with other tools. Common use cases for Burp extensions include modifying HTTP requests and responses on the fly, customizing the Burp UI, adding custom Scanner checks, and accessing key runtime information including crawl and scan results. The BApp Store is a repository of ready-to-use extensions contributed by the Burp user community. These can be installed with a single click from within the Burp UI.       
www.
NT$ http://schema.org/InStock https://www.flag-info.com/en/product_1428541.html 2022-04-02 0
Burp Suite Software Tool
CYCRAFT CYCRAFT https://www.flag-info.com/en/product_1428558.html CYCRAFT AIR PLATFORM How AIR Works Either on premise or via cloud, AIR inspects thousands of endpoints simultaneously, detects real-time threats, discovers the root cause, and instantly responds. Our Xensor agent-less mode scans the endpoints on a daily scheduled basis, while the agent mode constantly monitors the endpoints for any malicious activities. The collected raw report from Xensor is sent to CyCarrier (AI-powered forensic analytics center), where it investigates malware samples, commands in memory, and other suspicious activities that signatures-based or anti-virus fail to classify. To enrich the CyCarrier’s database, the Cybertotal (Threat Intelligence) platform integrates internal sources with updated multiple external CTI data sources to provide the unique business intelligence. XENSOR Combining machine learning with unique forensic telemetry technology, Xensor provides highly efficient automated threat triage and remote endpoint access for incident investigation and threat hunting. An evolution above current security products, Xensor integrates multi-dimensional threat intelligence, including UEBA, program memory forensics, endpoint computer forensics, and network traffic analysis, without additional virus signatures or feature rules, to expediently respond and reduce security costs. CYBERTOTAL | Download CYBERTOTAL DataSheet | Sharing threat intel and related security information has become an important early action mechanism to prevent and respond to attacks; however, traditional Cybersecurity Threat Intelligence (CTI) is dominated by exchanging static blacklists of IPs, domains, and MD5s, lacking higher-level attacker intelligence. CyCraft’s Cyber Intel team has long tracked various forms of intrusion, provided historical information on APT groups, and brought together various global CTI sources of information* to provide high-quality threat intel and help companies quickly through AI automated correlation analysis and knowledge base optimization to identify threats and verify security alerts. ✔ CyberTotal provides a complete information security dictionary that supports 14 different threat indicator categories. ✔ CyberTotal provides STIX 2.0 reporting of the situation and supports TAXII to receive and push ISAC exchange information. ✔ CyberTotal provides a complete API integration interface to quickly integrate threat hunting and security. Enterprises can provide paid API keys to expand sources.   1428558
5 1
CYCRAFT AIR PLATFORM How AIR Works Either on premise or via cloud, AIR inspects thousands of endpoints simultaneously, detects real-time threats, discovers the root cause, and instantly responds. Our Xensor agent-less mode scans the endpoints on a daily scheduled basis, while the agent mode constantly monitors the endpoints for any malicious activities. The collected raw report from Xensor is sent to CyCarrier (AI-powered forensic analytics center), where it investigates malware samples, commands in memory, and other suspicious activities that signatures-based or anti-virus fail to classify. To enrich the CyCarrier’s database, the Cybertotal (Threat Intelligence) platform integrates internal sources with updated multiple external CTI data sources to provide the unique business intelligence. XENSOR Combining machine learning with unique forensic telemetry technology, Xensor provides highly efficient automated threat triage and remote endpoint access for incident investigation and threat hunting. An evolution above current security products, Xensor integrates multi-dimensional threat intelligence, including UEBA, program memory forensics, endpoint computer forensics, and network traffic analysis, without additional virus signatures or feature rules, to expediently respond and reduce security costs. CYBERTOTAL | Download CYBERTOTAL DataSheet | Sharing threat intel and related security information has become an important early action mechanism to prevent and respond to attacks; however, traditional Cybersecurity Threat Intelligence (CTI) is dominated by exchanging static blacklists of IPs, domains, and MD5s, lacking higher-level attacker intelligence. CyCraft’s Cyber Intel team has long tracked various forms of intrusion, provided historical information on APT groups, and brought together various global CTI sources of information* to provide high-quality threat intel and help companies quickly through AI automated correlation analysis and knowledge base optimization to identify threats and verify security alerts. ✔ CyberTotal provides a complete information security dictionary that supports 14 different threat indicator categories. ✔ CyberTotal provides STIX 2.0 reporting of the situation and supports TAXII to receive and push ISAC exchange information. ✔ CyberTotal provides a complete API integration interface to quickly integrate threat hunting and security. Enterprises can provide paid API keys to expand sources.  
www.
NT$ http://schema.org/InStock https://www.flag-info.com/en/product_1428558.html 2022-04-02 0
CYCRAFT