Venari DevOps Edition enables scaled, automated scans of your web applications, APIs and source code. This scalable, elastic cluster of automated scan nodes is controlled by REST APIs or the Venari UI. Organizations using DevOps development practices can easily integrate security test automation into their CI/CD test pipelines to achieve continuous security assurance.
API Scan Point and Shoot
Venari can import API definitions from many formats including Open API (SWAGGER), postman collections and raw traffic captures. The advanced scan wizard translates key details from definitions and HTTP traffic to automatically generate configuration templates that have authentication, API operation grouping and sequence set up. Starting an API scan after onboarding through the wizard is as easy as one click.
Dynamic, Static and API Scanning
This video shows a single application being scanned 3 different ways. Dynamic (DAST), Static (SAST) and API scans are all configured via a simple UI wizard and then the scans run and the results are aggregated automatically. Security analysis is fully automated with dirt simple configuration that handles login, API auth, concurrency and job queueing.
Venari Quick Start
Onboard a new application with auto-login enabled. Scan the application for vulnerabilities using automatic browser-based discovery and fuzzing.
Record a Login Workflow
When Auto-Login does not work it is easy to record the workflow and parameterize inputs. This is typical for cases where more than a simple username/password pair is required during login.
Burp Auto-Mapper Integration
Venari can export issues and site map information directly Burp via plugin
Distributed Security Testing of Web Applications
High-level guidance on incorporating DAST automation into DevOps pipelines. (ITEA conference presentation aimed at a government acquisitions perspective)
