Jackhammer: Security vulnerability assessment/management tool


Jackhammer is a collaboration tool built to bridge the gap between the security team and the dev and QA teams, and to help TPMs understand and track the quality of the code going into production. It can perform static code analysis and dynamic analysis, with built-in vulnerability management capability. It finds security vulnerabilities in the target applications and helps security teams manage the chaos in this new age of continuous integration and continuous/multiple deployments.

It works entirely on RBAC (Role Based Access Control). There are cool dashboards for individual scans and team scans, giving ample flexibility to collaborate with different teams. It is built entirely on a pluggable architecture that can be integrated with any open source/commercial tool.

Jackhammer uses the OWASP pipeline project to run multiple open source and commercial tools against your code, web app, mobile app, CMS (WordPress) and network.

 


 

Features of Jackhammer:

  • Provides a unified interface to collaborate on findings
  • Scanning (code / web-app / mobile-app / WordPress / network) can be done for all code management repositories and URLs
  • Scheduling of scans at 3 intervals: daily, weekly, monthly
  • Advanced false positive filtering
  • Integrate other open source, commercial or your own custom scanners into Jackhammer within a few minutes
  • Realtime notification for scans
  • Publish vulnerabilities to bug tracking systems
  • Keep a tab on statistics and vulnerability trends in your applications
  • Integrates with the majority of open source and commercial scanning tools
  • User and roles management giving greater control
  • Configurable severity levels on the list of findings across the applications
  • Built-in vulnerability status progression
  • Additional support to upload results from other scanners (14 scanners already supported) and manage the vulnerabilities in Jackhammer
  • Intelligent filtering of vulnerabilities on different criteria to see what is actually needed

 

Scanning

 

Static Code Analysis

Built-in scanning tools support a majority of popular languages, such as Java, Ruby, Python and Node.js. In addition to security vulnerabilities, it also finds vulnerabilities in deprecated libraries and the applicable publicly available CVEs.

For static analysis, this open source tool integrates with Brakeman, Bundler-Audit, Checkmarx, Dawnscanner, FindSecurityBugs, Xanitizer, NodeSecurityProject, PMD and Retire.js. To find hard-coded secrets/tokens/credentials, Jackhammer uses Trufflehog. The base of all scans is an Nmap scan. For web application scanning, it uses Arachni and WPScan. Mobile scanning is also supported, with Androbugs and Androguard. You can also add new scanners within a few minutes; a user guide explains how to do it. In addition, you can import results from other scanners such as Nmap, Burp Suite, ZAP, Nessus, QualysGuard, OpenVAS, Metasploit, Nexpose, Arachni, IBMApp, Fortify, SkipFish, W3af and Acunetix.

 


 

Dynamic Analysis

It can scan all web applications, mobile applications, networks and content management systems, with and without authentication, and has a unique way of managing sessions for better identification of vulnerabilities.

 


 

 

 
