Black Duck Software

What is Continuous Dynamic™?

Continuous Dynamic is a tool and service that assesses web applications for vulnerabilities by testing them from the outside.

Because diagnostics run continuously rather than as one-off assessments, changes and updates to the many web applications within a company can be diagnosed quickly as they occur.

Functions and Features

Accurate diagnosis combining tools and manual work

While the tools are fundamental, engineers at the Black Duck Threat Research Center (hereinafter TRC) reduce false positives by performing crawling, configuring diagnostic tools, and checking for vulnerabilities.

Secure diagnostics in a production environment

POST requests, user and group creation/deletion, and contact form functionality are carefully and manually tested by TRC to ensure they do not affect the target system. Custom testing can be requested for each site, such as specifying which tests or activities to prohibit or requesting more aggressive testing, which makes diagnostic testing of the production environment possible.

Quick retest

Because this is a continuous diagnostic service, you can retest each detected vulnerability at any time. If you want to confirm the result of a fix immediately, you can run the retest without waiting for the next continuous diagnostic session.

User-independent testing

Because TRC performs the analysis, there is no need to prepare test scenarios or page transition diagrams. You can start the diagnosis with only the target top URL, credential information, and test schedule, and the results do not depend on the user's skills.

Business logic assessment

Complex websites, such as e-commerce sites, require complete manual testing, but this can be done by combining continuous diagnostics with a Business Logic Assessment (BLA).

Service (license) model

Three editions are available: Basic Edition (BE), Standard Edition (SE), and Premium Edition (PE). You can select the appropriate license for each site.

Generally, BE is applied to simple sites that only provide information, SE to sites where searches and registrations occur, and PE to sites that require consideration of complex business logic.

  Premium Edition (PE)   Standard Edition (SE)   Basic Edition (BE)
Continued diagnosis
Verification of detection results by TRC
Immediate retesting of individual vulnerabilities
Production safe
Access to security engineers
Tool Configuration / Form Training  
Single-page application  
Testing on sites that require authentication  
Business Logic Testing    
 
  • Sites that handle important customer information
  • Websites with input forms
  • Shopping sites and other sites that perform processing
  • Sites that require multi-level authentication
  • Sites that handle important customer information
  • Websites with input forms
  • A site intended solely for informational purposes.

Deployment configuration

This service is clientless because the diagnostics are performed externally.
Please allow access from the IP address used for the diagnosis.

For a completely internal site, communication can also be enabled by installing an appliance on the target server.

FAQ

Is there a limit to the size of the site that can be diagnosed with one license?

No, there is no limit. However, the site must be on the same domain as the registered top-level URL. A certain number of subdomains can be registered, subject to conditions such as providing essential functions for the site on the top-level URL's domain and being accessible from the top-level URL's domain.

How long does the diagnosis take?

Depending on the size of the website, it can take as little as half a day, or a week or more for larger sites.

Can you show me the results of the site crawling?

Yes. You can view the URLs of the endpoints that were identified as targets for diagnosis after crawling. You can also add endpoints to the diagnosis or exclude them from it.

Is a trial available?

Yes, a trial is available. Please contact us for details regarding terms and conditions.