Get real visibility into the security of your web applications with our award-winning collaborative approach to penetration testing. Our cloud-native analysis engine and interactive dashboard put control back in your hands, integrating seamlessly with your software development life cycle to ensure your organisation stays ahead of the constantly evolving threat landscape.
Integrate with your source code repository in just a few clicks. Once the repository has been added to the project list, you can start a scan from the Scan Now button. You’ll then receive an email confirming that the project scan has started, and a similar confirmation when the scan completes. No time wasted.
Instantly see which software library or package is out-of-date or vulnerable to known exploits. Know which category a library or package belongs to (e.g., development tools, frameworks, databases, frontend libraries). Examine licence details to uncover possible licence restrictions, obligations, or compliance issues.
The vulnerability scanning process can be triggered immediately with the "Scan Now" button or scheduled for outside business hours. We use a multi-tool approach, combining open-source and commercial tools, to cover the maximum attack surface and minimise false positives. Results are delivered in real time as each tool completes. If you wish, you can configure and choose which tools to run against the target.
Identify vulnerabilities in your software components, open-source or third-party dependencies and packages. Click on a CVE ID to drill down into specific details. Review important information about the selected vulnerability, including the impacted package, severity level, CVSS score, description, and a list of URLs for additional reference.
We identify and exploit application-related vulnerabilities from an attacker's perspective using black-box and grey-box testing. By intercepting and manipulating parameters, hidden fields, HTTP requests and API endpoints, we review every application function to uncover weaknesses in the design and implementation of security controls. Every entry and exit point of the application is thoroughly analysed to detect inherited and platform-inherent vulnerabilities. Our methodology follows the leading industry security standards, OWASP and OSSTMM.
Generate comprehensive SBOM and vulnerability reports, including all dependencies, fixed versions, vulnerabilities, and licenses. Provide well-organised PDF documents with actionable insights and audit-ready information to developers, IT teams, auditors, software vendors, and other stakeholders.
We deliver three actionable reports with remediation code for your developers, management and your customers. You update the vulnerability status in the Blacklock dashboard as your team works through remediation, and we retest on the fly.
The initial penetration testing cycle is followed by automated, periodic or scheduled vulnerability scanning across all application and infrastructure layers, keeping you informed about newly discovered vulnerabilities and helping you comply with standards such as PCI, ISO 27001, SOC 2, HIPAA and GDPR.
An SBOM, or Software Bill of Materials, is a detailed inventory of all software components, libraries and open-source and third-party dependencies of your application. It is critical for identifying out-of-date software and its related vulnerabilities, ensuring compliance with licensing requirements, and mitigating risk in software supply chains.
U.S. Government Cybersecurity Executive Order 14028
Requires organisations to submit an SBOM for each product sold to US federal government agencies.
US FDA (Food and Drug Administration)
Section 524B of the FD&C Act now requires manufacturers of certain "cyber devices" (medical devices with software and internet connectivity) to include an SBOM for the commercial, open-source, and off-the-shelf software components of their devices.
PCI DSS (Payment Card Industry Data Security Standard) v4.0 and above
Includes provisions aligned with SBOM usage. For instance:
6.3.2: Organizations must maintain an inventory of custom and third-party software components
6.3.3: Software must be kept up to date through security patches
EU CRA (Cyber Resilience Act)
Requires digital product manufacturers, including their associated distributors or importers, selling in the EU to include a top-level SBOM when submitting technical documentation for their products.
Australian Cyber Security Centre (ACSC) Guidelines for Software Development
Advises software developers to provide their customers with a Software Bill of Materials.
Anyone who needs a detailed inventory of software components and the associated vulnerabilities. This includes software development teams, product owners, security teams, DevOps, DevSecOps, procurement, and compliance teams.
Blacklock supports GitHub integration, which allows seamless and secure access to your code repository. You can update or remove the repository at any time.
Our tool analyses supported libraries and package versions in your codebase against public vulnerability databases such as the National Vulnerability Database (NVD). It identifies the vulnerabilities that affect the component versions you are using, providing you with actionable recommendations to prioritise and mitigate risks.
Our tool shows the current and latest versions of each component in your SBOM. This makes it easy for you to determine upgrade priorities and ensure you’re using the most secure and up-to-date versions of your dependencies.
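As an added illustration of the version matching the two answers above describe (example code written for this page, not Blacklock's implementation), the snippet below checks each SBOM component's installed version against constructed advisory records with an affected range, derives the smallest fixed version that clears every match, and ranks the findings by CVSS so that an outdated component that is already past its fix is not mistaken for a vulnerable one. Package names and CVE ids are fictional placeholders.

```python
from dataclasses import dataclass

def parse_version(v: str) -> tuple[int, ...]:
    """Turn '4.17.21' into (4, 17, 21) so versions compare numerically, not as strings."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Component:      # one SBOM entry: installed version, newest published version, licence
    name: str
    version: str
    latest: str
    license: str

@dataclass
class Advisory:       # constructed stand-in for a vulnerability database record
    cve: str
    package: str
    introduced: str   # first affected version (inclusive)
    fixed: str        # first fixed version (exclusive upper bound of the affected range)
    cvss: float

def is_affected(c: Component, a: Advisory) -> bool:
    """True when the component's installed version falls inside the advisory's affected range."""
    if c.name != a.package:
        return False
    return parse_version(a.introduced) <= parse_version(c.version) < parse_version(a.fixed)

def prioritise(sbom: list[Component], advisories: list[Advisory]):
    """Return [(component, matched advisories, minimum fixed version)] ordered by worst CVSS first."""
    findings = []
    for c in sbom:
        hits = sorted((a for a in advisories if is_affected(c, a)), key=lambda a: -a.cvss)
        if hits:
            # The smallest upgrade that clears every matched advisory is the highest 'fixed' bound.
            fix = max((a.fixed for a in hits), key=parse_version)
            findings.append((c, hits, fix))
    return sorted(findings, key=lambda f: (-f[1][0].cvss, f[0].name))

# Constructed sample data: fictional package names and placeholder CVE ids, not real records.
SBOM = [
    Component("acme-utils", "4.17.15", "4.17.21", "MIT"),
    Component("demo-http", "4.18.2", "4.19.2", "Apache-2.0"),  # outdated, but already past its fix
    Component("example-args", "1.2.0", "1.2.8", "MIT"),
]
ADVISORIES = [
    Advisory("CVE-PLACEHOLDER-1", "acme-utils", "0.0.0", "4.17.19", 7.4),
    Advisory("CVE-PLACEHOLDER-2", "example-args", "0.0.0", "1.2.6", 9.8),
    Advisory("CVE-PLACEHOLDER-3", "example-args", "1.0.0", "1.2.3", 5.6),
    Advisory("CVE-PLACEHOLDER-4", "demo-http", "0.0.0", "4.0.0", 5.3),
]
```

Running `prioritise(SBOM, ADVISORIES)` lists example-args (two advisories, upgrade to at least 1.2.6) ahead of acme-utils, and omits demo-http even though a newer release exists.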
We recommend running scans regularly, especially after updates to your application or its dependencies. Continuous scanning ensures you stay ahead of emerging vulnerabilities and maintain a secure software supply chain.
SBOM scanning focuses on analysing software components, open-source and third-party dependencies and packages prior to deployment. It identifies vulnerabilities linked to specific packages or libraries. Vulnerability scanning, on the other hand, examines the deployed software or system itself in a live environment. It detects misconfigurations, application-layer vulnerabilities, open ports and exploitable vulnerabilities. Together, they provide software security at different stages of the development and deployment lifecycle.
The duration of an SBOM scan depends on the size and complexity of your project. For small and medium-sized projects, scans are typically completed within a few minutes. Larger projects with extensive dependencies may take longer. That being said, the process is designed to be efficient to minimise delays in your workflow.
The service can be purchased via the Buy Plan page from your Blacklock account. The pricing is per repository on either a monthly or annual plan. Choose the plan that best fits your current needs and budget. As your organization grows, you can easily scale up and add more repositories as needed.