Hey, TestJS. I'm Oli, VP here at NeuraLegion's developer-focused security testing scanner. Thanks for joining as we discuss accurate security testing automation for developers in the CI/CD.
Now a quick intro into NeuraLegion. We're a global team of security experts and researchers creating the best dynamic application security testing scanner, built to be loved by developers to test your apps, your APIs, but more importantly to also be trusted by your security.
You're releasing software faster than ever, and security needs to keep up, and this process needs to be owned by you, developers. We enable you to build the scan surface from the very first unit tests, running tests on every build or every pull request. This is seamlessly integrated into your pipelines, but more importantly with no false positives, so you can trust the output to make detecting and fixing security vulnerabilities really, really quick and really, really simple.
Let's take a look at what's under the hood. So sure, you know, we have a nice UI for security folk to play around with and configure scans manually. But we're built for developers to own the security testing process, as I mentioned, and if you sign up for our free account, you'll see this very, very nice UI. But you'll also immediately notice that you can run scans via the CLI repeater, installed by Docker Compose, NPM, Win, and can actually configure your scans as code, with global YAML configuration-based files integrated into your CI/CD. For more info, you can obviously go and see our docs for a full command list. So you can actually stay in your terminal to manage these scans.
So how can you start automating your security testing today? Well, in terms of coverage, we've got you. With NeuraLegion, you can start scanning every build for security vulnerabilities as part of your CI, whether that's against your web apps, your internal apps, or indeed against your APIs, whether that's REST, SOAP, or indeed GraphQL. Microservices and single-page applications are fully supported, whether pointing our scanner to a local or, indeed, a production URL, whether we are ingesting your API schemas or, indeed, Postman collections, or whether you're uploading your HTTP archive files, your HAR files, into our engine.
This means you can really define the scope of the security test, perhaps against a single entry point or a single endpoint, or against a specific new feature that you've just made. These discovery methods can be run separately or, indeed, concurrently, meaning you can handle client-side dynamic content, JavaScript, and more. Are you using Selenium or, indeed, Cypress, for example? Well, you can start leveraging those existing functional scripts and get scanning with these HAR files. This means your developers and QA can now start working together, treating security bugs like your functional ones without the need to be a cybersecurity expert.
Either way, scans are fast, running in minutes or hours, not days, maintaining your DevOps speed. The more you can find and fix, though, the better. We have a comprehensive list of testing categories, covering the OWASP Top 10, the OWASP API Top 10, the MITRE 25, and indeed more. Additionally, our engine understands the context, understands the responses that we're getting back from the application server. And we can actually use this to test for business logic vulnerabilities. Not just your trivial injections, but how can our engine bypass the logic or the validation mechanisms in your applications and APIs, removing even more manual security testing and truly putting security testing into the hands of developers. Authenticated scans are fully supported to maximize coverage, whether using form authentication or header authentication, NTLM, or indeed custom multi-step authentication amongst others. We've got you covered in that respect.