nFuse SECaaS, preemptive security

Dec 24, 2018 | blog

nFuse will perform a Security Scan on the customers website. This automated scan focusses on the complete website. User registration can be included if needed. The security scan is executed with an up-to-date security scanner that covers the OWASP Top 10 (2018) vulnerabilities. nFuse Security* is an online security scanner that automatically tests your web application for 700+ vulnerabilities. The webscanner is a SAAS (Software As A Service). We perform automatic penetration tests against web applications, based on the OWASP Top 10 specifications, seemingly magic fingerprinting of content management systems, and the very latest trends in vulnerability research.)


Our crawler does not have a cap on any specific limit of URL’s like most of our competitors does. We aim to find all unique code flows on which vulnerabilities may reside, without missing anything of relevance. We do that by finding similarities between different URL’s as well as repeating content by the use of a sophisticated system of clustering algorithms. In other words, we crawl until there’s no more content of relevance instead of stopping at a fixed number of URL’s. Do you know the size of your website? Most organization don’t as there is a large share of automatic and hidden pages. 

Our auditing modules may also find information leakages in your platform (e.g. unlinked files), which in turn may lead to further links to crawl. We do all this to cover as much of your application as possible. We do not believe in caps.

Vulnerability Detection

We cover OWASP Top 10 . That means we find a wide variety of flaws, including SQL, LDAP, XPATH and NoSQL injections, Cross Site Scripting flaws, broken session management, remote code and command execution, malware, etc. 

All our findings are classified according to the CVSSv2 specifications in order to make it easier for you as a developer to prioritize the threats.

Protected reports

The reports are stored on dedicated database servers out of reach from the web servers. The reports are protected from SQL injections by the means of data segregation and prepared statements. If an attacker against all odds were to pull off a SQL injection attack, the only report data he would get would be his own. 

The web servers cannot directly communicate with any report database. All layers of the service happen in different networks to reduce the risk of compromise.

What is included?:
  • Add and verify ownership of the domain you want to test
  • Start a scan
  • Your website is tested for 700+ vulnerabilities
  • New vulnerabilities are added to the scanner every week
  • You will receive descriptive reports with your security issues

Want to learn more?

Just contact us