Vulnerabilities can be introduced at any time that can expand your attack surface. So, Informer uses automation to continuously find infrastructure and application-level vulnerabilities on assets that are both known and unknown to you. Combined with our expert penetration testing, you’ll get 24/7 coverage and assurance that your attack surface is monitored for any changes in your digital environment.
Newly discovered vulnerabilities found in real-time
Searches for vulnerabilities on newly exposed services
New vulnerabilities added daily
Intelligent vulnerability scoring
Discovers vulnerabilities that are the result of missing patches and misconfigurations in software such as web servers, administrative services, and exposed database services.
Vulnerabilities in administrative services - Find security weakness in administrative services that could lead to a serious breach such as SSH, Remote Desktop Services (RDP), and VNC, for example.
Misconfigured services are identified - Configuration issues could be introduced at any time increasing the risk of attackers gaining privileged access.
Full port ranges are scanned - All unintended TCP and UDP services that have been exposed to the internet are identified as the result of network misconfiguration of firewalls and cloud services.
Identifies emerging vulnerabilities - Over 20,000 new vulnerabilities were discovered in 2019 - that’s 54 every day. Informer scans for new vulnerabilities as they are coded.
Finds insecure assets that accept sensitive data
Assets that have personal and sensitive areas are assessed for vulnerabilities and configuration issues.
Looks for personal information - Identifies combinations of information that could identify individuals - name, address, Social Security Number etc.
Identifies authentication areas - Passwords traveling over unencrypted or misconfigured encrypted channels will be highlighted.
Highlights potential GDPR issues - Assets with personal information received by websites outside of the EU are highlighted as a potential compliance issue.
Informer uses active automation scanning to identify vulnerabilities in web applications using existing application security attacks and newly discovered attack techniques.
Zero-day vulnerabilities are identified - Previously undiscovered vulnerabilities are discovered as a result of the development of new attack techniques and applications that are changing.
Finds OWASP Top Ten vulnerabilities - Finds vulnerabilities that are categorized by OWASP - from Cross-Site Scripting to SQL Injection.
Adapts to the web application technology in use -Informers scanners cover modern reactive applications, such as Angular JS and React as well as dynamic web applications such as PHP and ASP.
Renders applications locally - By locally rendering the applications, dynamic page elements are scanned enabling all parameters to be included in the scan.
Harness the power of human expertise
Use our CREST-accredited penetration testers for situations that require depth of testing, combining expertise and a human approach that machines simply cannot match.
Depth of testing - Vulnerabilities are identified by our penetration testers that take several steps to exploit.
Go further than scanning - Penetration testers can distinguish determine logic flaws and opportunities to defraud you.
Focus on specific critical application areas - Extensive testing is carried out on areas of the application that access sensitive information and may need focussed attention.
Detailed authentication and authorization assessments - In-depth tests to identify user separation and identification is implemented securely.
Extensive library of vulnerabilities and configuration issues
Informer scans using a large library of known vulnerabilities and tests for a wide range of misconfigurations against an expansive number of services.
Vulnerabilities with CVEs - Over 50,000 CVEs with IDs are tested for with new vulnerabilities added daily.
Misconfiguration checks - A total of 56,000 tests are intelligently carried out against a wide range of services looking for misconfigurations.
CVSS v3.0 ratings -All vulnerabilities are scored using the industry-standard Common Vulnerability Scoring System (CVSS).
Contextual vulnerability ratings - Risk ratings are assigned to vulnerabilities taking into account the asset criticality.