Prancer Enterprise announces the release of Penetration Testing as Code Framework (PAC)

Prancer
January 12, 2022

San Diego, CA – Jan 12th 2022 – Prancer Enterprise, a company providing shift-left security strategies for the cloud, announces the release of Penetration Testing as Code Framework (PAC). PAC is the main offensive security tool offered by the company to promote shift-left security strategies in cloud environments. The shift-left movement has been growing over the last couple of years with initiatives like Prancer’s Infrastructure as Code (IaC) static code analysis. Prancer Enterprise is now the main player in this movement through PAC, a serverless software-as-a-service penetration testing framework that allows developers to perform security assessments on their application before it goes into production.

“Our goal with PAC is to make offensive security tools accessible to product development teams. Traditional methods demand a significant amount of work from security experts and pentesters, who must manually repeat procedures that lack the reproducibility and process hygiene of software development processes. In today’s CI/CD world, the existence of a manual security testing procedure creates significant operational inefficiencies. PAC strives to minimize these barriers,” said Prancer CEO & Founder Farshid Mahdavipour. “Instead, the deep testing only happens at the end of a project or after a feature is built, which could be very costly to fix the code after the release of the product.”

Prancer has developed an automated pentest that uses its patented technology to model actual attack behaviors. This new technology offers earlier detection than manual penetration tests for more accurate results in less time. It provides risk-based insights into vulnerabilities and threats so companies can take action before it’s too late.

Built on top of Prancer’s CSPM and static code analysis engine, PAC greatly reduces the time security analysts spend on false positives by correlating actual vulnerability findings with cloud configuration settings in real time. Cyber budgets are reduced significantly since PAC can detect potential risks more efficiently than humans ever would!

This helps minimize duplicated effort across a wide range of native and third-party cloud security tools, and automation makes it easier than ever before to get accurate information about your organization’s risk exposure.

Prancer delivers PAC in a serverless way and seamlessly integrates with your CI/CD pipelines to pentest your applications at development time, shifting offensive security left. PAC empowers app dev teams to validate their application’s attack surface, which is critical for effective risk management. PAC also reduces pentest time significantly, automating pentest tasks and enabling pentesters to focus on higher-value activities. This brings together application development and security into one process to ensure the secure delivery of cloud applications.

PAC uses Prancer’s CSPM engine to auto-learn the application and service endpoints hosted in your cloud networks. PAC seamlessly runs authenticated and unauthenticated testing out of the box from trusted or untrusted networks. PAC provides custom capabilities for injecting custom threat vectors into code to test both white-box and black-box scenarios, giving you a fully rounded pentesting experience.

PAC codifies and validates the company’s cloud resources against zero-day vulnerabilities and the latest cyber security threats in real time to build an attack-ready cloud. It is an essential part of Prancer’s Shift Left strategy and Security as Code offerings. PAC accelerates pentesting to provide actionable pentest reports within minutes of the pentest finishing instead of weeks or months.

The majority of the time, security validation is a manual operation. It lacks the repeatability and process hygiene associated with SDLC. In the CI/CD world, the existence of a manual security testing procedure creates significant operational inefficiencies. Validation as code strives to minimize these barriers. For one, it helps to speed up the procedure by automating many of the operations that are currently done manually to co-exist with SDLC processes. It guarantees repeatability, accuracy, and consistency by removing human error.

Prancer has already distributed this new technology among its current customers. Cartoonmango (https://cartoonmango.com), a Prancer client which provides consulting and IT automation for companies, is already leveraging the power of PAC to automate the pentesting effort for its current client base. Also, Prancer’s Solution Integrations partners (SI) are equipped with the knowledge to start implementing PAC projects. Emergere technologies (https://emergertech.com/) and NewLineInfo (https://newlineinfo.com/) are partners which are ready to implement the solutions for interested companies.

About Prancer

Prancer Enterprise (https://www.prancer.io) provides shift-left strategies and tools for cloud security, cloud compliance, and cloud validation. These tools are focused on the developer’s empowerment in the DevSecOps process. Prancer provides Security Automation as Code, Static code analysis (SCA) for Infrastructure as Code (IaC) and Cloud live resources. The latest offering Prancer has announced is the patented technology for penetration testing as code (PAC). Prancer Security offers a set of tools and services to automate Security Requirements in the Cloud Provisioning process, keeping Security Policy at the center of Security Automation as Code design.