Zero-dependency deployment
Enjoy a multitude of interfaces that cover every need, without needing to install or configure dependencies.
- Ruby API, for highly-customized, scripted scans.
- REST API for easy integration.
- CLI scanner utilities, for terminal availability.
- WebUI, for ease of use.
- Distributed deployments (using remote Agents and Schedulers), for scalability.
Abundance of security checks
First-class support for:
- XSS (with DOM variants)
- SQL injection
- NoSQL injection
- Code injection
- File inclusion variants
- Many more...
In addition, SCNR’s highly optimized techniques are top-of-the-line in reliability, accuracy and resiliency, even under unstable network conditions or when dealing with misbehaving web applications.
Bleeding edge technology
Backed by Google Chrome, SCNR is on the bleeding edge of support for modern web applications.
- JavaScript/DOM/HTML5/AJAX.
- Detection of DOM-based vulnerabilities.
- Tracing of data and execution flows of DOM and JavaScript environments.
- Extra tracing optimizations for common JavaScript frameworks.
Another way to think of SCNR is as an automated, distributed, high-performance JavaScript/DOM security debugger - amongst other things.
With its client-side IAST/DAST hybrid approach, web applications are no longer black boxes.
Intelligent
On-the-fly adaptation to each web application, down to the single input.
Analysis of each resource individually, which in turn allows for tailoring each request to the technologies being used, as well as the behavioral characteristics of each individual input vector.
As a result, only pre-determined, applicable payloads are injected when performing security checks, leading to less bandwidth consumption, less stress on the web application and, in turn, faster and more reliable scans.
High performance
SCNR wastes no time and minimizes delays by utilizing:
Highly detailed, well-structured reports
Reports can be generated in a number of open formats that allow you to consume all relevant information and context from a single file that is intuitively organised and well-structured.
All reports include an abundance of context for easy reproduction and verification of identified issues.
Formats include:
- Plaintext
- HTML
- XML
- JSON
- YAML
- Marshal
Articles
Continuous client-side IAST/DAST Hybrid approach for Single-Page-Applications
Some very interesting technology was presented a few days ago in the following articles: Following the data: Taint-tracing in the...
Managing an SCNR cloud over REST
New products and their terminology can be daunting, especially when it has to do with architectural things. To take care...
Following the execution: Taint-tracing in the JS environment
In our previous article we discussed data-flow tracing, i.e. following a piece of data as it travels through the JS...