SAN FRANCISCO, Feb. 16, 2016 (GLOBE NEWSWIRE) -- Hackers’ continued success in exploiting vulnerabilities in software, Web and
mobile applications a decade after the application security testing (AST) market emerged shows there is still much to be done.
A photo accompanying this announcement is available at http://www.globenewswire.com/NewsRoom/AttachmentNg/6a8d8c67-8011-4dbb-b605-56ece61f5113
One group of world-class cyber sleuths at buguroo® may have the answer: a new generation of appsec tools that can rise to the challenge of cross-platform attacks
and the massive scale required to thoroughly test today’s mega-apps.
Today, buguroo — a U.S. startup coming out of Deloitte’s European Security Operations Center (SOC) — is launching bugBlast, a next-generation appsec management platform that unifies many types of vulnerability
testing tools with real-time intelligence. Capable of creating a single, holistic view of an application’s security as it executes
in its actual infrastructure, cloud-based bugBlast can scale to test mega-apps in their entirety. By correlating multiple results
from static, dynamic and infrastructure testing with real-time threat intel at this scale, buguroo is re-defining the market for
interactive AST.
As part of its appsec platform, the company is also announcing bugScout, a static application security testing (SAST) tool that significantly advances the
state of the art. Designed from the ground up as a cloud app, bugScout eliminates one of the main limitations facing classic SAST
architectures: the inability to completely model extremely large apps in memory.
“To hackers, a vulnerability is a vulnerability, wherever they find it, but until now, technology limitations forced application
testing piece by piece,” said Pablo de la Riva Ferrezuelo, CTO and founder of buguroo. “The technology advances in bugBlast and
bugScout level the playing field by enabling testers to use many different tools together and test everything at once across the
entire application and platform, which is just how the hackers attack.”
buguroo's application security testing platform, bugBlast, breaks new ground in many ways:
- Designed by ethical hackers and cybersecurity auditors, the platform automates their own best practices and
provides a single tool for managing the entire appsec process
- Unifies multiple scanning engines and intelligence feeds into one comprehensive management and testing
platform for all team members
- Correlates all results in a single model to find more vulnerabilities and facilitate efficient
correction
- Provides a common environment for auditors and developers, based on a highly visual dashboard that enhances
cross-team communications, efficiency and coding security
- Scales to model and analyze very large applications at very high speeds, overcoming architectural
limitations of testing solutions derived from first-generation classic AST
- Integrates proprietary intelligence tools for real-time discovery of and alerts on new vulnerabilities
specifically relevant to the application and infrastructure
- Enables continuous testing and re-testing throughout the development and software maintenance lifecycle
- Supports multiple open source and proprietary vulnerability lists, including CWE, OWASP, SANS and more, as
well as buguroo’s and its customers’ own intelligence
- Easy startup, with no onsite equipment required, delivers a rapid time to value
bugBlast has many other capabilities that you would expect to see in a state-of-the-art security management platform, such as a
flexible policy manager; algorithms and experiential learning to continually reduce false positives; integration with other ITSEC
platforms like SIEM and WAF; a built-in ticketing system, as well as hooks to integrate with other bug tracking and software
lifecycle management solutions; and a robust documentation and report generator.
The company's new bugScout SAST solution is designed to work within the bugBlast platform or as a standalone solution. It shares
many of the industry-leading technologies in bugBlast, notably its capability to model very large application sets in their
entirety and its fast proprietary engine that analyzes millions of lines of code in just a few minutes.
Other capabilities of bugScout include:
- Laser focus on the riskiest languages (Java, PHP and .NET) and the application ecosystems for Android provides
robust vulnerability detection in the most widely used languages
- Lowest rate of false positives on the market, thanks to its adaptive learning technology and multiple
configuration options
- Built-in software quality analyzer using the SonarQube open platform makes applications more efficient,
reliable, and resilient at the same time they are made more secure, and increases the productivity of developers
- Enables continuous testing and re-testing throughout the development and software maintenance lifecycle
- Supports multiple open source and proprietary vulnerability lists, including CWE, OWASP, SANS and more, as
well as buguroo’s and its customers’ own intelligence
- Easy startup, with no onsite equipment required, delivers a rapid time to value
Although a startup in the U.S., buguroo is building on its five-year history in Europe and its proven technology and security
operations experience. Originally, the company was a stand-alone unit in Deloitte Spain, and the buguroo team of ethical hackers
and cybersecurity analysts worked alongside experts from Deloitte Spain to manage the Deloitte Security Operations Center
(SOC) for Europe. In 2015, the 50-employee company was spun off as buguroo and closed a $3.34 million round of angel financing to
expand its business internationally and accelerate development of its product roadmap.
Separately today, buguroo announced bugThreats, a comprehensive threat intelligence platform that makes enterprise security
operations analysts more effective and has already proven its value at several large global infrastructures, and bugFraud Defense, a next-generation online fraud detection solution that provides real-time
protection of websites from hijacked sessions using man-in-the-browser or man-in-the-middle attacks.
buguroo also provides technical services from its highly qualified team of professional security auditors to help clients with
malware analysis and remediation, forensics, impact analysis, Dark Web data recovery, botnet takedowns and other advanced
techniques.
More information on the bugBlast next-generation appsec management platform and the bugScout static application security testing (SAST) tool is available online, or by
emailing info@buguroo.com.
Deb Montner 203.226.9290 dmontner@montner.com