Web vulnerability scanning: Vex-Vulnerability Explorer?

What is Vex-Vulnerability Explorer?

Vex-Vulnerability Explorer is a web vulnerability scanning tool in the area of DAST (Dynamic Application Security Testing) that offers high detection rate, clearly presented both the test details as well as test results reports and trusted user support.

Vex is rated no.1 in Japan and has been supporting multiple vendors with high quality scanning services since its release in 2007.

Key Features:

1. High detection rate

Vex development engineer has comprehensive understanding on scenario creation methods and vulnerability assessment which are obtained through assessment services.

This enables high detection rate through scenario creation ability where it focuses on repeatability of a target.

Vex applies three scenarios creation abilities to reproduce the transition of a target page, making it able to scan complex application.

– Auto-crawler involves Auto-crawling the URL specified within the target web application to allow Vex to register target pages.

This scenario creation is useful specifically for corporate sites with inquiries.

– Page transition

Vex allows the tester to create page transition of target pages after logging the pages that have been accessed by the tester and shows page transition flow graphically.

Page transition scenario creation is beneficial for search engine, membership sites that involve login authentication.

– Handler

This features enables users to define detail scanning setting per request for proxy. Handler scenario creation is handy for websites that control transition destination with script like JavaScript and Ajax.

2. Prompt action against new vulnerabilities

Vex offers rapid action against new vulnerabilities through assessment services, security vendor and customer feedbacks.

Vex performs practices updating on new features, features improvement, bug fixes and new payloads for every 3 months. Therefore, new vulnerabilities will be updated at regular update.

In case of high risk vulnerabilities, where it can causes critical damage, irregular updates will take place where Vex provides quick response upon report through the release of urgent update.

3. Clearly presented report

Vex offers clear presented report where it provides scan results, details of vulnerabilities, recommended remediation action and essential information of remediation.

Its multiple report templates allows users to choose the templates that meet the need for their report presentation which include:

• Page transition (where it can be shared with the development team in Ms Excel format.
• Scan results report which can be generated in Ms Word or XML format are suitable for providing reports to customers and managers.
• Target information that can represented in CSV format.
• Checklist of scan result that can be viewed in either Ms Excel and CSV format.
• Regulatory compliance report (including PCI DSS, OWASP Top 10)

4. Reliable and trusted support

The support team works closely with the development team in supporting users’ scanning activities.

Users are provided with reliable support from scan settings, scan results to Vex features and specifications.

Support can be obtained 24 hours via email.

Additional features:

• Integration with CI tools
• Android static analysis options

Benefits of Vex

1. Enhanced security

• Vex allows you to ensure security through performing security assessment anywhere, anytime and at any stage of development.
• Vex realises DevSecOps faster as well as maintaining high security standard through CI tools integration.

2. Efficient security assessment

Vex is Customisable and specifically designed to solve the common problems of security engineers, such as workload, limited lead time, and limited human resources.

3. Flexible deployment

• Vex can be operated through a browser as web applications. This eases the collaboration between security engineers.
• Vex also works on mobile PC on premise, making security assessment on premise possible.

License structures

Vex’s license structure include:

1. Developer edition – For security assessment of Web applications that is developed or operated on premise.
2. Auditor edition –  For auditors to provide vulnerability assessment services without being limited by the number – including one user account.