Announcing Cheksuite

Numorian is proud to reveal what we've been working on behind the scenes: Cheksuite, a new security service built on years of work and decades of experience. I'd like to take a few minutes to share a bit about what we've built and offer a glimpse at the roadmap ahead.

Where it Started

The journey to Cheksuite began back in 2013 when I created an open source project called YAWAST. This started as a simple information gathering tool, but evolved over the years. Over time, and with a ton of community feedback, it evolved into a tool that could identify & validate issues, collect evidence, and record everything needed for reporting. As time went on, and more pen-testers used it as part of their normal routine, it evolved into a very effective tool and a valuable way to save time and improve efficiency.

During those years, YAWAST was downloaded over 125,000 times, and was used by penetration testers around the world.

With Numorian, YAWAST was reborn as yawast-ng, a fork of the original project, with greater goals, new features, and a ton of work done to expand both the capabilities and the potential. This includes a entirely new scanning system for scanning for vulnerabilities like SQL Injection, Cross-Site Scripting, and other injection-related vulnerabilities, and a new plug-in architecture to allow users to extend the functionality is new ways not previously imagined.

The upcoming release of yawast-ng is the culmination of more than a decade of effort, and is yet only the beginning.

Cheksuite's web vulnerability scanning is built on top of yawast-ng as its core scanning engine, and we'll continue to actively develop yawast-ng so that both Cheksuite and open-source users can benefit from the progress made.

Enter Cheksuite

The upcoming release of Cheksuite, a software-as-a-service product, provides automated vulnerability scanning for web applications, as well as information gathering that can be useful to find further issues. This allows companies and consultants to easily identify issues, quickly identify new issues as soon as they are introduced (thanks to scans as frequently as daily), and monitor trends.

The Dashboard

We've built an advanced dashboard that carefully balances the high-level insight needed by leadership to quickly understand how secure applications are, while also giving the deep detail needed by engineers to quickly prioritise and address issues.

With decades of combined experience in security, our team understands the needs of leadership and engineers, and we're constantly working to refine how we present these insights, as we're keenly aware of how important it is to be able to quickly see and understand the risks a system faces.

Automated Scans

We offer plans for weekly and daily scans, so that Cheksuite can be busy working while you stay focused on other things. With automated scans, you can rest assured that our technology is working to identify issues before attackers do.

For those, like me, that also maintain personal websites that they would like to keep secure, we're also offering a deeply discounted Personal plan, that performs scans monthly.

Scanning Engine

As mentioned above, our scanner is built on yawast-ng, and uses private plug-ins to extend the functionality beyond what's included in yawast-ng itself. This proven engine allows us to get deep coverage, while our private plugins extend this to new and novel security checks that go beyond what yawast-ng itself covers.

Because our scanning engine is designed to use data received from the application being scanned and benign exploit payloads, we are able to keep false positives to effectively zero. This means when we report an issue, it's real.

The Roadmap

While we aren't ready to share many details of our roadmap publicly yet, we are working on some exciting enhancements. These will both expand the scope of Cheksuite, and increase its depth, allowing it to find ever more complex issues and provide even better and more targeted remediation advice.

Thoughtful AI

AI is everywhere, and too often is added to products just so that sales teams can say they are using AI. We do have plans to add opt-in and add-on AI features, though designed to add substantial value and improve the security posture of our customers. Details of these will be announced in the future.

More Vulnerabilities

A permanent item on our roadmap is expanding the number of vulnerabilities in software that we can reliably detect, including fast-response releases to detect new vulnerabilities shortly after they are discovered. This will always be our main focus of development: detect as many issues as possible, and minimising the time between new issues being announced and being detected, so our customers are protected as quickly as possible.

Launching Soon

We will be making the service available soon, and we're working with pre-launch customers now. If you'd like to join the list of pre-launch customers, feel free to reach out: [email protected].