Vulnary is a Windows-based framework that is capable of collecting all information regarding the system and the processes running on it. Using this information Vulnary can truly understand how a process is operating on the system and more importantly can detect serious software vulnerabilities. So it does not test applications, it tests the system and makes predictions by the events of the operation system. By this technique, 0day vulnerabilities in huge numbers of applications can be found starting with less known softwares to the products of the biggest vendors as well.
How you can use the service:
- Subscribe for the suitable service (request 10, 20, or more software tests for each month)
- Based on a previously agreed monthly limit due to your subscription, you can request software analysis for any application you wish (if the application needs a license, you have to provide that)
- We analyze the system with the requested application within the next couple of business days and after that, we send you a detailed report about our findings. You do not have to care about False Positive tests, you will get only examined and 100% certain findings in your report. These reports include:
- – information about the application: how the application operates, what was changed on the system by the application, what new components, services, and files were brought to your system
- – warning about things you have to consider: application running level which may cause problems, missing or poor mitigation policy on sensitive processes, sensitive used data access
- – alert about software vulnerabilities: serious vulnerabilities which bring an attack surface to your system. These can be command injection, privilege escalation, code injection, insecure Registry usage.
- – This report will be shared only with you and you will be fully responsible for keeping this information confidential. However, with this, you can make decisions about using the tested software or not. If the application has serious vulnerabilities maybe you would consider using other applications, or you may separate the application for another system in a careful way.
If you would like to get the problems we found fixed, you can request us to report the vulnerability to the developer and manage the fixing process. As a final step, we will notify you at the end of the process.