Hello all,
I am very pleased to announce the commercial release of Ecsypno's DAST/IAST offering:
Codename SCNR is a highly evolved web application security scanner, utilizing DAST, as well as IAST, techniques -- DAST to analyze server-side behavior from a black-box perspective and DAST & IAST for client-side JavaScript environment analysis.
In addition, server-side IAST capabilities exist for Ruby web applications, but those are going to be rolled out later on.
Editions
Codename SCNR comes in 3 editions:
- Basic -- CLI utilities to manage the scanner engine.
  - + Ruby API for scripting.
- Pro -- Basic features + a Web interface to manage scans.
- Enterprise -- Pro + distributed deployment features.
  - Remote Agents
  - Schedulers
  - REST API
Unrestricted approach
No edition imposes restrictions on the amount of:
- sites you are allowed to scan;
- scans you can perform;
- parallel scans you can run;
- scanned pages;
- time you can scan.
Background
Codename SCNR is the result of more than a decade's worth of R&D, coming from the industry-known Arachni WebAppSec Scanner Framework.
You can think of it as the new Arachni, on steroids, along with lots of extra smarts.
With Arachni being Free and Open/Public Source in one way or another for the last 13+ years, the community was speaking, and we were listening.
Future proof
...you might say...Yes, excellent...
...but is it AI?
Yes (sigh) it's enough "AI" for its tasks -- glad we got that out of the way.
Intricate techniques, along with advanced heuristics and a smidgen of machine learning, cover vulnerability analysis/verification as well as performance-focused scheduling quite nicely.
In what other ways is Codename SCNR interesting?
Well, the Rust language was chosen for the resource-intensive parts, in order to keep performance high and CPU/RAM consumption low, and Rust is the best in that department nowadays!
The business logic is written in Ruby, and Ruby is the coolest for that sort of thing too.
Chromium handles DOM level-3 support and libcurl has been chosen for HTTP communications.
Winning combinations all around!
In closing
Everything is ready to kick off this new and exciting product, to which this short post does very little justice -- please go over the Codename SCNR and the documentation pages for more.
Should any hiccups arise, do send us your feedback and we'll be on top of the situation.
Best of regards,
Tasos Laskos -- Founder, CEO, Director of R&D.