Nemasis is a Vulnerability Management Suite that assists in implementing a comprehensive GRC (Governance, Risk Management, and Compliance) strategy for managing an organization’s overall governance, risk, and compliance with regulations. Integrating Nemasis with the GRC strategy helps manage security and compliance and thereby reduce overall business risk. Nemasis GRC offers advantages such as eliminating redundant cost, performing in-depth vulnerability scans, optimizing the investment, protecting business reputation, asset discovery, and more.
Nemasis is used to scan for network vulnerabilities such as open ports, applications running on each system, and active services. Nemasis generates many types of reports based on NIST, OVA, world bodies, and more. Nemasis supports almost every platform, system, application, database, device, and browser.
Passive Vulnerability Scanner:
The Nemasis PVS plugin is an exclusive network discovery and vulnerability testing component that delivers real-time network profiling and monitoring for constant, continuous assessment of an organization’s security posture in a non-intrusive manner. The inbuilt Passive Vulnerability Scanner continuously monitors assets that use the IP protocol, such as servers, desktops, laptops, network devices, web apps, virtual machines, mobiles, tablets, cloud-based assets, and more, to determine topography, services, and vulnerabilities. It also tracks network changes within your organization’s infrastructure. Nemasis provides OS fingerprinting, service fingerprinting, database password management, and more; configuration for the Windows platform is currently available.
Internal and External Scanning:
Nemasis recommends using both internal and external vulnerability scans to understand the scope of vulnerabilities inside and outside your organization, as threats can emanate from anywhere. The internal scan assesses your network security from inside your firewall, while the external scan is performed remotely from outside.
Compliance and Configuration Assessment:
Nemasis fast-tracks compliance assessments of the network and infrastructure against industry standards and best practices such as the Center for Internet Security (CIS), Payment Card Industry (PCI), Health Insurance Portability and Accountability Act (HIPAA), OWASP 2010, and many more. It also performs configuration and compliance assessment and generates a unified report of both.
Distributed Scanner Support:
Nemasis VA provides Master-Slave support for superior distributed and load-balanced scanning, and these scanners can be distributed throughout the enterprise network. The Nemasis scanner features high-speed discovery, configuration auditing, asset profiling, and vulnerability analysis of your security framework. Distributed scanning helps scan a large or distributed network in much less time while putting less stress on the network infrastructure.
Nemasis DAST scans websites and web applications (internal and public facing) for vulnerabilities. It not only identifies the vulnerabilities but also finds the security issues within the application in its running state and provides recommendations to mitigate them. It tests the running application to detect issues with requests, responses, scripting, data injection, sessions, authentication, and more.
The key benefits of Nemasis DAST are:
- Follows OWASP compliance (2013 and 2017), shown live on the dashboard, with exportable reports for audit purposes.
- Scanners are built with a crawl and attack architecture.
- Scans for hidden and other exploitable vulnerabilities (XSS, SQL injection, and others listed in OWASP Top 10).
- Comprehensive application coverage with advanced attack methodologies.
- Compatible with web applications built on PHP, ASP, Java, and many more.
- Complete Audit Services and recommendations for improvement (PCI-DSS status, GDPR status, WHOIS Audit, Domain Audit, Blacklist, Malware Check, Domain Squatting, SSL Audit, Copycat Domain, MongoDB Audit) for dedicated audit reports.
Passive Mode Scanning:
- Missing headers related to:
  - CSRF Tokens
  - Content Security Policy
- Analyzes Cookies, Cookie Poisoning
- Information Disclosure Detection
- Private IP Disclosure
- Reverse Tab-nabbing
- WSDL File Scanning
- Cross-Domain Misconfiguration
- PII (Personally Identifiable Information)
- URL Rewrites – Session ID
Attack/Active Mode Scanning:
- Remote File Include, Server Side Include Attacks
- Remote OS Command Injection, Remote Code Execution
- Directory Browsing/Traversal
- CRLF Injection, XPath Injection, SQL Injection
- Cross Site Scripting – Persistent, DOM based
- OpenSSL Vulnerability (Heartbleed) Detection
- Backup File Disclosure
- SOAP Attacks – Action Spoofing, XML Injection
- ELMAH (Error Logging Modules and Handlers) Information Leak
- Domain Audit
- SSL Audit
- SEO Analytics
- MongoDB Audit
- WHOIS Audit
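As an added illustration (not Nemasis code), the following Python implements several of the passive-mode checks listed above over a single constructed HTTP response: a missing Content-Security-Policy header, cookies without Secure/HttpOnly/SameSite, version disclosure in the Server header, a private IP in the page body, and a reverse tab-nabbing candidate. The sample headers and body are constructed for the example and are not from a real site.

```python
import re

# Constructed sample response (not captured from a real site), built to trip several checks.
SAMPLE_HEADERS = {
    "Server": ["Apache/2.4.29 (Ubuntu)"],
    "Set-Cookie": ["sid=abc123; Path=/", "pref=dark; Path=/; Secure; HttpOnly; SameSite=Lax"],
    "Content-Type": ["text/html"],
}
SAMPLE_BODY = (
    "<html><body><!-- backend at 10.0.3.17 -->"
    '<a href="https://example.org/docs" target="_blank">docs</a>'
    '<a href="https://example.org/blog" target="_blank" rel="noopener noreferrer">blog</a>'
    "</body></html>"
)

# RFC 1918 ranges: 10/8, 172.16/12, 192.168/16
PRIVATE_IP = re.compile(
    r"\b(?:10\.\d{1,3}\.\d{1,3}\.\d{1,3}"
    r"|172\.(?:1[6-9]|2\d|3[01])\.\d{1,3}\.\d{1,3}"
    r"|192\.168\.\d{1,3}\.\d{1,3})\b")
ANCHOR_TAG = re.compile(r"<a\b[^>]*>", re.I)


def passive_checks(headers, body):
    """Inspect one response without sending any extra request; return a list of findings."""
    findings = []
    lower = {k.lower(): v for k, v in headers.items()}
    # Missing security header
    if "content-security-policy" not in lower:
        findings.append("missing Content-Security-Policy header")
    # Cookie analysis: every Set-Cookie should carry Secure, HttpOnly and SameSite
    for raw in lower.get("set-cookie", []):
        name = raw.split("=", 1)[0].strip()
        attrs = {part.strip().split("=", 1)[0].lower() for part in raw.split(";")[1:]}
        for flag in ("secure", "httponly", "samesite"):
            if flag not in attrs:
                findings.append(f"cookie {name} lacks {flag}")
    # Information disclosure: version strings in Server / X-Powered-By
    for h in ("server", "x-powered-by"):
        for val in lower.get(h, []):
            if re.search(r"\d+\.\d+", val):
                findings.append(f"{h} header discloses version: {val}")
    # Private IP disclosure anywhere in the body
    for ip in sorted(set(PRIVATE_IP.findall(body))):
        findings.append(f"private IP disclosed in body: {ip}")
    # Reverse tab-nabbing: target=_blank without rel=noopener
    for tag in ANCHOR_TAG.findall(body):
        if re.search(r'target\s*=\s*["\']?_blank', tag, re.I) and \
           not re.search(r'rel\s*=\s*["\'][^"\']*noopener', tag, re.I):
            findings.append(f"reverse tab-nabbing candidate: {tag}")
    return findings
```

Running `passive_checks(SAMPLE_HEADERS, SAMPLE_BODY)` yields seven findings; the `pref` cookie, which carries all three attributes, produces none.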