
Lijian
Interactive Application Security Testing System

Product Introduction
The Lijian interactive application security testing (IAST) system focuses on solving application security problems during the testing phase of the software security development lifecycle (SDL). Lijian IAST uses a fusion architecture of request-based and code data flow technologies. It makes use of IAST technology, which Gartner rated as one of the top ten information security technologies, and combines the advantages of SAST and DAST to achieve a high detection rate and a low false alert rate. At the same time, it can locate findings down to the API interface and code snippet, and it integrates seamlessly into the testing phase. It detects the application's own security risks with high accuracy and helps sort out software components and their vulnerabilities, which secures customers' systems before go-live.
Product advantages

Integrates with the testing process at no cost

  • A variety of collection methods for traffic and code data flow that do not affect testers' work or create extra work.
  • Access methods such as agent insertion, traffic mirroring, and traffic messenger are completely transparent to project members.
  • Enhances the security capabilities of project members who do not understand security, so that project security risks are solved together.
  • Security testing and functional testing can be performed simultaneously without changing the existing testing process.

Innovative interactive detection scheme

  • Obtains traffic and code data flow from users' normal functional testing operations.
  • Combines traffic and code data flow to judge vulnerabilities comprehensively, with full coverage and almost zero false alerts.

Cover comprehensive business scenarios

  • The agent insertion mode does not require replaying requests, and it can cover all one-off interface scenarios, such as tokens, verification codes, and anti-replay.
  • Code data flow can obtain code context and cover service scenarios such as bidirectional encryption and request content encryption.
  • Traffic collection is convenient and transparent, covering mobile and PC scenarios that are accessed over HTTP/S.

Code-level vulnerability details

  • Vulnerability information helps directly locate the content and location of the vulnerable code and restore the code data flow.
  • It provides the most complete vulnerability details and remediation solutions to help R&D personnel understand and patch vulnerabilities independently, reducing communication costs between security personnel and R&D personnel.

Comprehensive risk detection capability

  • Common risks can be detected, and patent-level detection methods can be used to automate testing for logic vulnerabilities such as horizontal and vertical privilege escalation.
  • Helps project managers sort out software components and visualize the risks in software components.
  • Vulnerability rules can be customized to make the platform better suited to the organization's own business scenarios.
  • Original privacy data leakage detection technology can guarantee that applications comply with data privacy standards before release.

DevSecOps solutions

  • Provides a Jenkins plugin that can be integrated with the Jenkins platform.
  • Vulnerability information can be synchronized with Jira with one click, integrating seamlessly with the DevOps process.
  • With an open functional API, it can integrate with an internal CI/CD platform and build an automated security testing process.
  • Compatible with Jenkins Pipeline, integrating security into CI processes.
Product features

Integration with the testing process

Interactive methods are used to assist non-security personnel in vulnerability testing. Various access methods help overcome the limitations that traditional scanning methods face in many scenarios, so that everyone participating in the test can become a security expert and the shortage of security manpower is solved.

Comprehensive interactive application security testing

It uses a fusion architecture based on two interactive technologies, request and code data flow, which combines the advantages of SAST and DAST to detect the project's vulnerabilities with almost no false alerts. It can cover logic vulnerabilities, general vulnerabilities, 1-day vulnerabilities, and third-party component risks. The detection method involves no replayed requests and no dirty data. As for scenarios, it can cover one-off interfaces such as encryption and verification codes, which can cover all scenarios.

Vulnerability lifecycle management

It covers all stages from vulnerability creation to correct remediation to help testers and developers understand and patch vulnerabilities faster, reducing communication costs between security personnel and project members.

Integration with third-party platforms

It can be integrated with Jenkins and synchronized with Jira with one click. With an open API, all functions can be automated through the API. The flexible call method integrates well with the organization's internal platform.