Nexpose

Rapid7 provides the world's highest level of vulnerability diagnosis technology and provides direction for security policy establishment to protect important IT assets and information from external attacks. Key supply products include Nexpose (vulnerability assessment and management), Metasploit (mock exploit test), and AppSpider (web vulnerability assessment and management).

• Provides security vulnerability checking and management for all IT infrastructures such as the OS, application, system, database, virtualization, mobile, and cloud
• Provides more than 180,000 inspection methods for more than 75,000 vulnerabilities in agentless manner
• Acquired the CC EAL3+ Certification and CVE Compatibility Certification (information security vulnerability standards)
• Offers the OWASP Top 10 web application vulnerability diagnosis and PCI, SOX, HIPAA, and SANS Top 20-based diagnosis
• Provides the Common Vulnerability Scoring System (CVSS) score and risk score for each vulnerability discovered after a check: Convenient for the administrator to respond immediately to the vulnerability
• Log-on and operation through encrypted HTTPS connection are available. Nexpose supports the latest versions of Internet Explorer, Chrome, and Firefox's Web Browser GUI
• Manages vulnerabilities in groups by classifying the operating assets following various criteria, such as service, physical area, IP band, OS, policies, vulnerability index, etc.
• Among the detailed assessment items included in the ISMS Certification criteria, the product can perform risk identification and assessment of controlled items, identification of information assets, allocation of responsibility for each information asset, patch management, security of public servers, and vulnerability checks
• Supports an operator manual, reports, and GUI in Korean
• It provides reports in 20 formats (PDF, HTML, RTF, XML, CVS, etc.), and operators can also create reports in other formats
• Nexpose can be interlocked with a 3rd party (SIEM, log management, IDS/IPS, etc.) through open API, which instantly establishes security policy
• Interlocked with Metasploit, it performs mock exploits based on the vulnerability check results to assess risk levels

Metasploit

Metasploit is a mock hacking solution that uses a variety of actual hacking techniques that are practiced in the real world. This is to verify an IT infrastructure's ability to defend against external attacks and to identify vulnerabilities exposed to threats. The solution also evaluates the security consciousness of the members of an organization by a method of social engineering, which can be used as a basis for essential security education materials.

• An automation tool that provides more than 2,500 exploit modules, making it easy to perform full inspection with no hacking expertise
• Earned CC EAL3 + Certification
• Performs safe, automatic, and agentless mock hacking by automatically searching information of IT assets
• Assesses risks immediately on a group-by-group basis, depending on the priority of assets, and establishes rapid improvement measures
• Quickly assesses zero-day vulnerabilities and takes rapid countermeasures by setting priorities to prevent exploits in advance
• Provides various mock hacking techniques, such as brute force, antivirus bypass, server-side attack, client-side attack, proxy pivot, VPN pivot workflow, web app audit, web exploit (OWASP Top 10, XSS, SQL injection), social engineering, etc.
• The reports for phishing tests include comprehensive statistics and user-specific responses
• Reports available in 10 formats (PFD, MS Word, HTML, RTF, etc.)
• New hacking techniques are routinely updated from over 200,000 user groups
• Mock exploit testing using vulnerabilities discovered through the interworking of Metasploit and Nexpose is available. The user can assess the actual risks and take appropriate precautions

Appspider

AppSpider is a solution that automatically diagnoses all vulnerabilities in various web applications and provides countermeasures. It uses sophisticated attack testing techniques to eliminate false negatives and positives, boasting the highest accuracy in the industry.

• Provides vulnerability diagnosis of the latest web/mobile frameworks (JSON, REST, SOAP, XML-RPC, GWT-RPC, AMF, ReactJS, AngulaJS, etc.)
• Vulnerability diagnosis based on the OWASP Top 10 and SANS/CWE TOP 25 available
• Enables safe diagnosis without attacking the real server, and verification by re-attacking detected vulnerabilities is available
• Provides diagnosis of vulnerabilities related to server information leakage (hard-code password, software version, DB path information, web page path, etc.)
• Provides reports on different compliances (OWASP Top 10, DISA STIG, PCI30, FISMA, SOX, CWESANS, PCI, GLB, HIPAA, etc.)
• You can check the real-time progress of a vulnerability check and adjust the scan speed and traffic load in real time
• AppSpider generates the signature of web vulnerability diagnosis results and registers findings in the interlockable WAF/IPS, so the results can be immediately reflected in security policies
• Interlockable products: Secui MFI, F5, Sourcefire, Imperva, NitroSecurity, ModSecurity, DenyAll, and Barracuda