Modern security tools fail to understand the complete context of web applications. This can expose deficiencies in their scanning approach.
Common security issues, such as password length, access controls and authorization controls, are not typically covered by “off-the-shelf” security tools.
Uleska allows specific, one-off setups to be applied to your testing profiles, allowing it to understand how your software works and the nature of the data it’s handling.
Combining this knowledge with the vulnerabilities and issues found by Uleska’s own enhanced ASTO engine, along with commercial and open source tools, means that we provide you with a unique, digestible view of your real risk.
For example, for some tools, an SQLi is just that – an SQLi. All instances of this type of issue will be reported with the same criticality, meaning software teams need to triage the context of each issue or fix them all with the same priority.
However, when Uleska finds an SQLi, it combines that issue with its knowledge of the software’s context, interfaces, and data sensitivity.
It can be quickly configured with contextual information during onboarding, or it can automatically scan your source code or web traffic to build a deep understanding of how your project works.
This means an SQLi on an unauthenticated page of an internet-facing web application handling financial information is rated more critical than an SQLi on an authenticated page that doesn’t handle any sensitive data types.
Combine this with a configurable understanding of your application’s roles, interfaces, and security standards, and Uleska has a unique view of how your application works and what access rights users should have while navigating your web application.
This allows Uleska, and the enhanced ASTO engine, to run contextual security testing, designed to address issues that a standard security scanner cannot cover.
This means that an organisation with sensitive, financial or any other kind of private data can be assured that its security is proactive in finding any potential threats to its clients or customers.