HOW IT WORKS

One platform. Eight engines. Zero false positives.

INFRA builds automated solutions that include scanning and hacking technologies for Assessment and Intelligence. A heuristic, machine-learning approach finds and validates what signature databases alone can never see.

THE PIPELINE

STEP 01

Heuristic Discovery

Rather than a simple signature database, INFRA uses a trial-and-error approach — fuzzing, bruteforce and machine learning to create rules-of-thumb based on previous experiences, yielding educated guesses at potential vulnerabilities including 0days.

STEP 02

Automated Exploitation

Whenever possible, INFRA automatically exploits detected vulnerabilities to validate them. Especially effective on databases and web applications — even heavily customised ones with no CMS version to match in the database.

STEP 03

Continuous Validation

Standardised checks across IoT, servers, databases and web applications run continuously — delivered as SECaaS on a device, virtual machine or in the cloud. All OWASP Top 10 vulnerabilities are tested carefully.

TECHNOLOGY

Three engines. One assessment platform.

IG — Information Gathering

Modules that search for required information in security and intelligence modules to run deeper target and company analysis.

OSINTRECON

SA — Service Assessment

Identify doors, services, OS and software versions, and create rules to launch further modules over the revealed services.

PORT SCANFINGERPRINT

US — User & Session

Modules created to search vulnerabilities related to users, cookies, login, multi-session and related attack surfaces.

AUTHSESSION

VA — Vulnerability Assessment

Search vulnerabilities related to system and network — configuration errors, buffer overflow, software obsolescence and network-related problems.

CVE DBCONFIG

WA — Web Assessment

All OWASP Top 10 vulnerabilities are tested very carefully against servers, services and web applications, including fuzzing.

OWASPWEB APP

DB — Database Assessment

Modules that search database-related vulnerabilities, including automated injection and bruteforce attacks.

SQLINJECTION

IF — Intelligence Framework

Extra modules that look for the required information used by other security modules — the intelligence backbone of every scan.

ML MODELSINTEL

EM — External Modules

INFRA can connect to optional commercial and open-source vulnerability scanning software, incorporating their results into its own analysis.

INTEGRATION3RD PARTY

WHAT WE SCAN

IoT Devices

Servers

Web Applications

Databases

Cloud Infrastructure

Internal Networks

Hardware Appliances

OT / SCADA

Ready to automate your security assessments?

INFRA is available as SaaS, virtual machine or hardware appliance — continuous assessments with zero false positives.

View products