Test your app security with Sqreen (beta)

You can already use Sqreen to protect and observe your application, and soon, you will be able to use it to test your app’s security while you build it.

Presently in beta, Sqreen Test enables teams to test the security of an application during its development. Because you install the Sqreen Microagent inside your application, it has the advantage of being able to dynamically examine the app from the inside. It knows how your app works in production, and it can use this data to stress-test a newer version of the app in a pre-production environment to reveal bugs and expose vulnerabilities.

With Sqreen Test, you will be able to run on-demand security testing sessions on your app in pre-production. With the information the security test reveals, your engineering and security teams can drill down into the exceptions and backtraces to reveal and address security vulnerabilities. Use Sqreen Test to add security testing sessions to your software development lifecycle (SDLC) to remediate vulnerabilities before pushing to production.

Beyond Beta!

Sqreen Test is presently in beta and we are actively looking for design partners. Please consider helping us get to general availability by signing up for a demo and contributing your feedback.

How it works

When you install the Sqreen Microagent in your app in a production environment, it dynamically instruments the app’s functions to observe and protect the app at runtime. But while it is protecting the app, it is also learning about the requests, amassing metadata about the traffic coming into the app such as structures and payloads (Mapping phase). Sqreen Test will then use this data for fuzzing, simulating traffic to an app in a pre-production environment to expose vulnerabilities in the code (Attack phase). Because it is continuously learning, you do not need to adjust the tests when you publish new routes or release new business logic in your app; Sqreen Test will discover new elements and automatically begin testing them for security.

From the Sqreen Dashboard, you will be able to instruct Sqreen to begin the test without manually specifying any details or testing parameters.

When it finds a bug, Sqreen Test will record the exception event including all the information an engineering or security team needs to locate and resolve the issue. You will be able to drill into each event to figure out what caused it and how to resolve it before deploying the app to production.

When it detects a vulnerability, Sqreen Test will describe it in detail, including the vulnerable business logic and, for example, the payload of the query that Sqreen Test used to successfully simulate and remediate a SQL injection. Sqreen Test will also offer a stack trace to show where to fix the code in the app.
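The two phases described above can be sketched in a few lines. This is an added illustration, not Sqreen's code or API: the request records, the probe values, the toy staging handler and every function name are assumptions made for the example.

```python
import sqlite3
import traceback

# Constructed sample of requests observed in production (mapping-phase input).
OBSERVED = [
    {"route": "/users", "params": {"name": "alice"}},
    {"route": "/users", "params": {"name": "bob"}},
    {"route": "/orders", "params": {"id": "17"}},
]
# Hypothetical probe values: a lone quote and an oversized string.
PROBES = ["'", "A" * 1024]

def build_map(observed):
    """Mapping phase: keep each route's parameter names and one sample value."""
    route_map = {}
    for req in observed:
        params = route_map.setdefault(req["route"], {})
        for key, value in req["params"].items():
            params.setdefault(key, value)
    return route_map

def make_staging_app():
    """Toy pre-production app: /users concatenates input, /orders binds it."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT)")
    db.execute("CREATE TABLE orders (id INTEGER)")
    def handle(route, params):
        if route == "/users":
            # Deliberately vulnerable: user input is spliced into the SQL text.
            sql = "SELECT * FROM users WHERE name = '" + params["name"] + "'"
            return db.execute(sql).fetchall()
        # Safe form: the value is passed as a bound parameter.
        return db.execute("SELECT * FROM orders WHERE id = ?", (params["id"],)).fetchall()
    return handle

def run_session(route_map, handle):
    """Attack phase: mutate one parameter at a time and record each exception."""
    findings = []
    for route, params in route_map.items():
        for key in params:
            for probe in PROBES:
                mutated = dict(params, **{key: probe})
                try:
                    handle(route, mutated)
                except Exception as exc:
                    findings.append({"route": route, "param": key, "payload": probe,
                                     "error": type(exc).__name__,
                                     "trace": traceback.format_exc()})
    return findings

if __name__ == "__main__":
    for f in run_session(build_map(OBSERVED), make_staging_app()):
        print(f["route"], f["param"], repr(f["payload"]), f["error"])
```

Only the concatenating route produces a finding, and its recorded trace points at the line that builds the query. The route map is rebuilt from whatever traffic was observed, so a new route is picked up without editing the test.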

Sqreen Test in your SDLC

Post-beta, consider using Sqreen Test to add a layer of application security testing in your CI/CD pipeline. Sqreen Test will remove the burden of having to manually set up tests or generate simulated traffic to your app because it will use the data collected from your app’s traffic in production. From the Sqreen Dashboard, you will be able to execute the security test in a pre-production environment, then share the exceptions and backtrace with the team to address issues well before you release a new version of the app.

Sqreen Test will even learn from the application security tests it runs. With each run, it will learn more about the way your app works and can mutate the parameters in the simulated traffic to detect deeper vulnerabilities. Vulnerabilities that Sqreen Test reveals are vulnerabilities against which Sqreen immediately protects with RASP and In-App WAF. While you already trust Sqreen to monitor and protect your app at runtime in production, you can soon use it to secure and harden your app before its release.