FuseSoft Developer/Security Blog


2016/01/15

Hello World

Hello There!
Thanks for visiting FuseSoft; we're glad you're here. First let us tell you a little bit about us and what we are trying to do. We are a StartUp based out of Memphis, TN comprised of security professionals with over 10 years experience working for large Enterprises and Government Organizations. Our Engineers have worked for some of the Fortune 100 companies and have industry experience like no other. We deeply understand the needs and challenges of organizations large and small. We specialize in Application Security, Penetration Testing, and Red/Blue Team activities.

In every organization we have worked, there has always been a need to Report Risk, Track Risk, and Manage your security teams effectively. Many organizations we have worked for have either built a tool to do this internally or have tried to use some COTS product that does most of what they need but is actually quite a bit of a headache to work into the assessment process.



Introducing Faction

Because of this challenge we have all experienced we are excited to present our first product FactionFaction is built by penetration testers, for penetration testers, but with a special attention to project management teams like Engagement and Remediation. Faction focuses on your manual testing teams but also allows automated scan tools to submit results into Faction. Faction is built from the ground up to have a low overhead to learn and use for your entire security team. Take a look at the features our initial product offering already has that your organization can leverage to add efficiency to your assessment process.

  1. Assessors begin with an assessment queue so they can see what assessments are assigned each week with system information and credentials populated in the queue so they are ready to start Hacking when an assessment is assigned. 
  2. Built in Social Network for assessors and team members to share issues they are finding as well as ask questions of the team.
  3. Simple intuitive interface for adding vulnerabilities with screenshots and exploit steps into the Faction
  4. Assessment History so assessors can quickly see open and closed issues when a system is assessed multiple times. This allows the assessor to know which areas to target and ensure they are aware of open issues.
  5.  Customizable Vulnerability Database to auto populate your most common found issues like XSS, SQL Injection, CVE's, etc. Descriptions and Recommendations of issues are auto populated into your reports so you don't have to re-write the same verbiage for every report when these issues are found.
  6. Fully Customizable Report Generation Engine. Upload images, customize themes, and a list of Macros to auto populate things like Assessment Name, Assessor names, List of Discovered Vulnerabilities, etc. We currently have 21 macros defined and more to come.
  7. Assessment Project Management engine for Engagement Teams. Project Managers and Team Leads can assign assessments to available assessors, easily see which assessors are available and how is not, and enter all required information that the assessor will need to start the assessment.
  8. Remediation and Vulnerability Tracking engine. This allows remediation teams to be alerted when vulnerability fixes are coming due, easily assign available assessors to test fixes, and track passing and failing of vulnerability fixes.
  9. Python Based API to integrate with other systems.
  10. Burp Suite integration for Application Security Assessments that shows the user's assessment queue, assessment history, and access to previous assessment vulnerability details.
 Whew! That's a lot of features for an initial product offering and that's just the high level. If managing manual security assessments has been a pain for your organization or you want to enhance your existing assessment process then schedule a demo with us at hello[at]fusesoft[dot]co.

No comments:

Post a Comment