Developer: Positive Technologies
Date of the system's premiere: 2022/08/23
Last release date: 2024/02/05
Technology: TMS - Test Management System
Main article: Vulnerabilities in software and hardware
PT BlackBox Scanner Cloud Service
Main article: PT BlackBox Scanner
2024
Integration with Dev Platform
VK Tech has integrated the secure development tools of Positive Technologies and Swordfish Security Group into its Dev Platform. The platform is also integrated with PT BlackBox. VK Tech announced this on June 26, 2024.
Integration with the Sphere platform
The PT Application Inspector application code security analysis system and the PT BlackBox dynamic web resource testing scanner have been integrated with the Sphere platform. Positive Technologies reported this on June 18, 2024.
PT BlackBox version 2.7 with increased rate of analysis of web applications running 1C-Bitrix
Positive Technologies has released an update to PT BlackBox, its dynamic application analyzer (black box security scanner). As of version 2.7, the product can be installed in an isolated segment of a company's network. Another important improvement is that scanning of sites running 1C-Bitrix has become 90% faster. Positive Technologies reported this on February 5, 2024.
PT BlackBox can now be installed offline in an isolated segment of a company's network without a local update mirror. This matters when the scanner analyzes an application in an environment that is deployed internally without Internet access, a practice common in large organizations with high security requirements.
PT BlackBox 2.7 improves product efficiency in several areas:
- The rate of analysis of web applications running 1C-Bitrix, the CMS used by most potential users of Positive Technologies products, has increased by 90%. This became possible by creating a dedicated "Bitrix" scan profile, which selects the set of checks most relevant to this CMS.
- The accuracy of scan-time estimates for typical targets has been tripled.
- Detection of malicious code has been improved by optimizing how URLs and HTTP requests are formed, which makes it possible to identify vulnerabilities more accurately in the early stages of developing a web resource.
In addition, the updated PT BlackBox has become more convenient for administrators. A function for rolling back the knowledge base of version vulnerabilities to its previous state has been added; this is important when an application needs to be scanned against a previously accumulated data set. A filter has been added to the scan results page for classifying the vulnerabilities found by severity: they are marked "high," "medium" or "low" in accordance with Positive Technologies' own classification.
"After the departure of foreign vendors of DAST-class solutions, companies in Russia can still use products with a free license. However, the refinement and continuous maintenance of open source solutions requires additional resources and skills, so it is often more profitable to purchase a ready-made solution," commented Sergey Sinyakov, head of the PT BlackBox product.
2022
Inclusion in the unified register of Russian software
The PT BlackBox dynamic application analyzer has been included in the unified register of domestic software. In accordance with the order of the Ministry of Digital Development of the Russian Federation dated December 5, 2022, PT BlackBox is included in the class of tools for detecting threats and investigating incidents. Positive Technologies announced this on December 21, 2022.
"Vulnerabilities in web applications pose a real threat to business. Exploitation of vulnerabilities can lead to intruders entering the internal infrastructure, theft of confidential data, and attacks on service users. According to our data, on average there are 15 vulnerabilities per site, two of which are high risk," said Ivan Solomatin, head of application protection business at Positive Technologies. "The inclusion of PT BlackBox in the register allows our customers to reduce implementation costs. According to the document, companies using domestic solutions, including in the field of information security, are exempted from paying value added tax."
Since PT BlackBox entered the Russian market in August 2022, it has received two updates. Starting with version 2.4, the product generates requests to confirm version vulnerabilities that were detected by signature analysis. The dynamic analyzer determines the version of the server or program, compiles a list of known vulnerabilities to which that version may be exposed, and checks whether those vulnerabilities are actually closed in the scanned application.
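The two-stage approach just described (version fingerprinting against a knowledge base, then an active request to confirm each candidate) can be illustrated in a few dozen lines. The block below is an added example, not PT BlackBox code: the knowledge base, the `EXAMPLE-*` identifiers, the probe paths and the response texts are constructed for the illustration, and the `send` callback stands in for the scanner's HTTP transport. It also shows the case that makes the confirmation step worthwhile: a server whose version string still looks vulnerable because the fix was backported without bumping the banner.

```python
"""Signature-based version-vulnerability detection with active confirmation.

Added illustration of the approach described in the text; not PT BlackBox code.
The knowledge base, identifiers, probes and responses are constructed.
"""
import re
from dataclasses import dataclass
from typing import Callable, Optional


@dataclass(frozen=True)
class VersionVuln:
    vuln_id: str            # placeholder identifier, not a real CVE
    product: str
    affected_from: tuple    # first affected version (inclusive)
    fixed_in: tuple         # first version carrying the fix (exclusive)
    probe_path: str         # request used to confirm the finding
    evidence: str           # substring expected in a vulnerable response


# Constructed knowledge base for the example.
KB = [
    VersionVuln("EXAMPLE-2021-001", "nginx", (1, 18, 0), (1, 20, 1), "/debug-status", "Active connections"),
    VersionVuln("EXAMPLE-2022-002", "nginx", (1, 0, 0), (1, 21, 6), "/../etc/hostname", "localhost"),
    VersionVuln("EXAMPLE-2020-003", "apache", (2, 4, 0), (2, 4, 49), "/cgi-bin/test", "uid="),
]

SERVER_RE = re.compile(r"^(?P<product>[A-Za-z-]+)/(?P<version>\d+(?:\.\d+)*)")


def parse_version(text: str) -> tuple:
    return tuple(int(part) for part in text.split("."))


def fingerprint(headers: dict) -> Optional[tuple]:
    """Extract (product, version) from a Server header such as 'nginx/1.18.0'.
    Header names are matched case-insensitively; returns None if no banner is found."""
    for name, value in headers.items():
        if name.lower() == "server":
            match = SERVER_RE.match(value.strip())
            if match:
                return match.group("product").lower(), parse_version(match.group("version"))
    return None


def candidate_vulns(product: str, version: tuple) -> list:
    """Signature stage: every KB entry whose affected range contains this version."""
    return [v for v in KB if v.product == product and v.affected_from <= version < v.fixed_in]


def confirm(candidates: list, send: Callable[[str], str]) -> tuple:
    """Active stage: send each probe and keep only findings whose response carries the evidence.
    A backported fix (package keeps the old version string) fails confirmation here, which is
    exactly the false positive a signature-only check would report."""
    confirmed, unconfirmed = [], []
    for v in candidates:
        body = send(v.probe_path)
        (confirmed if v.evidence in body else unconfirmed).append(v.vuln_id)
    return confirmed, unconfirmed


def scan(headers: dict, send: Callable[[str], str]) -> dict:
    fp = fingerprint(headers)
    if fp is None:
        return {"fingerprint": None, "confirmed": [], "unconfirmed": []}
    product, version = fp
    confirmed, unconfirmed = confirm(candidate_vulns(product, version), send)
    return {
        "fingerprint": f"{product}/{'.'.join(map(str, version))}",
        "confirmed": confirmed,
        "unconfirmed": unconfirmed,
    }


# Constructed target: an nginx 1.18.0 banner where one issue is really present and the
# other was patched without changing the version string.
SAMPLE_HEADERS = {"Server": "nginx/1.18.0", "Content-Type": "text/html"}


def fake_send(path: str) -> str:
    """Stand-in for the scanner's HTTP transport (assumption for the example)."""
    responses = {
        "/debug-status": "Active connections: 3\nserver accepts handled requests",
        "/../etc/hostname": "<html>404 Not Found</html>",
    }
    return responses.get(path, "")


if __name__ == "__main__":
    print(scan(SAMPLE_HEADERS, fake_send))
```

On the constructed target the signature stage reports two candidates, but only `EXAMPLE-2021-001` survives confirmation; the other is returned separately as unconfirmed so that an analyst can still see why the banner matched.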
In addition, PT BlackBox now analyzes the security of websites that use sequential (multi-step) authorization. Passing through authorization chains lets the scanner check the entire application for vulnerabilities, including closed sections to which, as a rule, only administrators have access. Multi-stage authorization is most often used when a website that is still under development needs to be shown to an unlimited number of people.
Users of the updated version of PT BlackBox can reuse an authorization profile across scans. This is most relevant in the development pipeline, where the same set of test data is used at different stages of application validation.
In total, with version 2.4, users are able to:
- reuse authorization profiles;
- add an authorization sequence;
- confirm some version vulnerabilities;
- use an improved SQL injection search;
- use predefined scan profiles.
Announcement of an on-premise scanner for dynamic application analysis
On August 23, 2022, Positive Technologies announced the release of an on-premise DAST scanner focused on searching for vulnerabilities using the black box method.
According to the company, the key features of PT BlackBox are integration into continuous integration and continuous delivery processes, heuristic and signature vulnerability search, and ease of use. The product can be installed in 30 minutes and integrated into a pipeline in an hour, and 7 hours after the start of a scan work on fixing vulnerabilities can begin.
According to a Positive Technologies study, as of August 2022 there are on average 15 vulnerabilities per site, two of which are high risk. Vulnerabilities in applications (namely code errors or problems with the working environment of an already deployed program) threaten businesses with serious consequences: intrusion of attackers into the internal infrastructure, theft of confidential data, or attacks on service users. Given the difficult situation on the Russian market, where many foreign information security vendors left, domestic companies lost the ability to protect applications using previously deployed foreign DAST products. The solution in this situation is a product from a Russian information security vendor.
The PT BlackBox security scanner detects vulnerabilities and errors in the application environment at runtime (from the OWASP Top 10 list, as well as the most popular and trending vulnerabilities), such as RCE, SQLi, file inclusion and OS command injection. At the same time, PT BlackBox scans twice as fast as the DAST solutions available on the Russian market as of August 2022, which are mostly open source.
The trend toward using open source software for dynamic testing formed in the spring of 2022, when foreign DAST suppliers left the Russian market. However, alongside the opportunities that open source software opens up, the obligations it imposes on companies have become apparent. These include modifying the software for the product's tasks, maintaining a narrowly specialized team, ensuring the security of specific libraries, and accepting the risks associated with the growing number of vulnerabilities in open source components. According to analysis by Swordfish Security, as of August 2022 at least 30-40% of the components taken from repositories to build software products in Russia contain dangerous vulnerabilities. The state of open source software therefore encourages companies to shift their focus to Russian products built on the expertise of information security vendors.
For the convenience of working with PT BlackBox, as well as for the reliability of software deployment, it is possible to implement the scanner into continuous integration (CI) and continuous delivery (CD) processes: scanning can be launched in parallel with acceptance testing, as well as after testing and installation of the application. In addition, PT BlackBox can be used to manually scan applications on the Internet.
The advantage of the Positive Technologies dynamic analyzer for developers, testers, information security specialists and DevOps (development & operations) engineers is that the product acts as an additional reviewer: by using the black box method, it not only detects configuration problems in the infrastructure, but also determines which vulnerabilities, for example those identified during static analysis, can actually be exploited by attackers. This makes it possible to fix vulnerabilities at early stages, as well as to detect errors and vulnerabilities that could not be found by other methods.
"According to the results of our tests, DAST solutions are better at identifying vulnerabilities associated with flaws in the configuration of security mechanisms, errors in identification and authentication, and outdated versions of the software used (all of these threats are included in the OWASP Top 10). Vulnerabilities of these classes are discovered by running the scanner against an already deployed application. Many of these vulnerabilities are of medium or high risk because of the possibility of unauthorized access to the application or a user's personal account, which means they require immediate elimination," said Oleg Khaladzhiev, head of the PT BlackBox quality assurance group.
PT BlackBox will allow organizations of all sizes, including the large enterprise segment, to optimize application security and more efficiently build a secure development process.
PT BlackBox is built on dynamic application analysis technology and incorporates expertise from the PT SWARM security analysis center and the PT Expert Security Center. Dynamic analysis technology is also used in other Positive Technologies products, which improves their effectiveness. In particular, it is used in the PT Application Inspector security analysis system to confirm vulnerabilities found in source code. PT Application Inspector retains the DAST core as a component, but from the point of view of building DevSecOps processes in a company, PT BlackBox in combination with PT Application Inspector identifies vulnerabilities most efficiently. In addition, the DAST core is used in the PT Application Firewall application-level firewall to scan the server side of applications, and in the MaxPatrol 8 security and compliance monitoring system to search for web vulnerabilities within the perimeter.