Actu
VUPEN Security Launches the Exploits & PoCs Service for Security Vendors and Penetration Testing Pro
June 2009 by Marc Jacob
VUPEN Security, a security research company, announces the availability of the VUPEN Exploits & PoCs Service providing private exploit and proof-of-concept codes developed by VUPEN team of reverse engineers and security researchers.
The service enables security vendors (antivirus, IDS, IPS and vulnerability management providers) to supplement their internal research efforts and quickly developp vulnerability-based and/or exploit-based signatures and rules to proactively detect and protect against potential or real threats (defense). The service also allows security professionals (Pentesters, Consultants, Engineers, and CSOs) to regularly perform penetration testing and identify the latest vulnerabilities (offense).
Although there are many ways to secure systems and applications, the only way to truly know how secure is your network is to test yourself. By performing penetration tests against your environment, you can replicate the types of actions that a malicious attacker would take, giving you a more accurate representation of your security posture at any given time. Maintaining a secure network requires constant vigilance and regular security testing with the latest exploits and PoCs.
VUPEN team of security researchers and reverse engineers analyse new vulnerabilities and security patches, and develop exploit codes which allow security professionals to perform regular penetration and security testing using commercial-grade exploits, identify actual and exploitable threats within their systems and networks, distinguish real security threats from false positives, evaluate the effectiveness of existing security policies, protection products, and patches, achieve and maintain compliance e.g. PCI or ISO 27001, and improve security of systems and networks.
With each exploit or proof-of-concept, VUPEN Security provides an in-depth binary analysis of the exploited vulnerability to allow security vendors (IDS/IPS, Anti-Virus, Firewalls, Content filtering, etc) to reduce costs related to internal research, analysis of vulnerabilities, or reverse engineering of binary patches, cut-time and quickly develop exploit-based and generic signatures or rules, verify the effectiveness of existing signatures or rules, distinguish real security threats from false positives, improve quality of their security solutions and increase competitive advantages.
The service is available on an annual subscription basis.
