FuseSoft Developer/Security Blog


2016/11/30

Updates in Faction 1.8

We have added many new features to Faction 1.8, including new dashboards, better BurpSuite integration, DOCX templates/reports, an improved REST API, and better metrics.

If this is your first time learning of FuseSoft and Faction, we specialize in developing software solutions for web and mobile penetration testing teams to enhance assessment collaboration, remediation and risk tracking, assessment scheduling, and automated report generation. Find out more at https://www.fusesoftsecurity.com. You can also request the free beta, and we will provide a demo of all the features and how to use Faction in your assessment process.




New Dashboard and Notifications:

The new dashboard shows all the security assessments assigned to you as well as issues that have been assigned for retest/verification of remediation. There is also a section that shows what your current week looks like: which assessors you're testing with and the scope of your assessment this week.



Notifications also alert you when Peer Reviews are completed for your assessment reports, when Reports have finished generating, and when Retest Reports are available after Verifications/Retests are complete.

Burp Suite Integration:

Most of the same dashboard is available inside BurpSuite, so you don't even need to log into the web version when performing your assessments/verifications. You can see your assessment queue, verification queue, and assessment vulnerability history, and submit vulnerabilities directly from Burp.

Below are your assessment and verification queues.



Clicking on your current assessment will display the scope and assessment history as well as issues your teammates are discovering in real time.



You can even replay the payloads found by other assessors in your Repeater. Every payload saved to Faction has the option to replay the request inside Burp. This helps not only with your current assessment but also with verification/retests. You no longer need to find an old Burp state to recreate findings for retest.

Submit Vulnerabilities Directly from BurpSuite:

Any request, response, or scan issue can be added directly to Faction from Burp. For instance, let's say you find XSS on a site. You can select just the section of the response showing the exploit and have it automatically added to your report. The following example extracts the POST request and the relevant section of the response, and lets you add the reproduction steps. We support Markdown syntax for inserting text, and you can search the database for default vulnerabilities (e.g. XSS, SQLi, etc.) to add to the assessment.



Below is the resulting text as shown inside the Faction web application.


Finally, it is added to the generated DOCX reports.



Better Collaboration Options:

You can send Repeater items, sitemaps, and scan issues directly to another user's Repeater through Faction. Just right-click the request and select the user on your team to receive the payload. They can then replay it with your cookies and information and send it back once a successful payload is found.


Better Metrics:

You can track risk ratings and vulnerabilities of individual applications as well as campaigns you create. This makes it easy to see the reduction of risk year after year when performing enterprise assessments.


Better Remediation Tracking:

Know exactly when issues are approaching due dates with the Remediation Queue. You can assign issues to assessors for retest and know when retests are going past due. 



Better Assessment Scheduling:

When scheduling assessments, Faction will alert you when assessors' schedules conflict with new assessments as they come up. This ensures you're assigning the people who are most readily available to accept new assessment opportunities.


Fully Documented REST API:

Once you have Faction installed, you can navigate to [PATH]/api-docs/ to review and test all the APIs we have made available. This allows you to tie Faction into other ticketing systems and project management systems, and to integrate with other homegrown systems.




Request Your Demo/Beta Today:

You can request a demo to see these features and more in action, as well as request the free beta of Faction, at https://www.fusesoftsecurity.com.


