Jackhammer: Security vulnerability assessment/management tool
Category : Blog
Jackhammer is a collaboration tool built with an aim of bridging the gap between Security team vs dev team, QA team and being a facilitator for TPM to understand and track the quality of the code going into production. It could do static code analysis and dynamic analysis with inbuilt vulnerability management capability. It finds security vulnerabilities in the target applications and it helps security teams to manage the chaos in this new age of continuous integration and continuous/multiple deployments.
It completely works on RBAC (Role Based Access Control). There are cool dashboards for individual scans and team scans giving ample flexibility to collaborate with different teams. It is totally built on pluggable architecture which can be integrated with any open source/commercial tool.
Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, cms (wordpress), network.
Features of Jackhammer:
- Provides unified interface to collaborate on findings
- Scanning (code / web-app / mobile-app /wordpress / network) can be done for all code management repositories and URLs
- Scheduling of scans based on 3 intervals # daily, weekly, monthly
- Advanced false positive filtering
- Integrate other open source/ commercial/ your custom scanner within few minutes to Jackhammer
- Realtime notification for scans
- Publish vulnerabilities to bug tracking systems
- Keep a tab on statistics and vulnerability trends in your applications
- Integrates with majority of open source and commercial scanning tools
- User and roles management giving greater control
- Configurable severity levels on list of findings across the applications
- Built-in vulnerability status progression
- Additional support to upload result from other scanners(14 scanners already supported) and manage the vulnerabilities in Jackhammer
- Intelligent filtering of vulnerabilities on different criteria to see what is actually needed
Static Code Analysis
Built-in scanning tools support a majority of popular languages such as Java, Ruby, Python, and Nodejs, etc. In addition to security vulnerabilities, it also finds vulnerabilities in deprecated libraries and the applicable publically available CVEs.
For static analysis, this open source tool integrates with Brakeman, Bundler-Audit, Checkmarx, Dawnscanner, FindSecurityBugs, Xanitizer, NodeSecurityProject, PMD and Retire.js. If you are looking to find hard coded secrets/tokens/credentials, then Jackhammer uses Trufflehog. The base of all scans is a Nmap scan. For web application scanning, it uses Arachni and WPScan. Mobile scanning is also supported with Androbugs and Androguard. Not only that, you can also add new scanners within a few minutes. This is a nice user guide which tells you how to do it. Not only that, you can also import results from other scanners such as – Nmap, Burp Suite, ZAP, Nessus, QualysGuard, OpenVAS, Metasploit, Nexpose, Arachni, IBMApp, Fortify, SkipFish, W3af and Acunetix.
It can scan all web applications / mobile applications / network / content managmenet system with and without authentication and has a unique way of managing sessions for better identification of vulnerabilities.
Highest Selling Technical Courses of Indian Cyber Security Solutions:
Cybersecurity services that can protect your company:
Other Location for Online Courses: