DevSecOps: a thread

Vulnerability Priorization

Process of determining the order in which security vulnerabilities should be addressed based on their severity and potential impact on an organization.

Faraday Continuous Scanning

Faraday Cloud provides the most extensive continuous scanning and real-time insights for the security integrity of your systems Faraday Cloud gives you a multi-engine scanning platform that supports an ever-growing list of industry security tools.

User Authentication

Faraday supports 2nd Factor Authentication. We support any apps, e.g: Google Authenticator (Android) Google Authenticator (iOS) Authy (Android) Authy (iOS) OTP Authenticator (Android, Open Source)

Users

Provide access to the platform through all its channels. Identified by username and profile, it allows to moderate accesses and keep under control data governance.

Workspaces

A workspace is a project presentation that allows you to summarize information from different sources, work with them as a unit, and generate information.

Assets

An asset is any device, resource or other component of the environment that supports information-related activities. For example, IP Addresses and FQDN in the scope of an assessment.

Duplicate Vulns Management

Facilitate the search for possible duplicates and provides the user with a friendly mechanism to associate a set of vulnerabilities that could refer to the same problem/vuln, with the option of leaving only one of these vulnerabilities visible and hiding the rest.

Reporting

The Executive Report feature lets you create (as the name implies) reports using the results obtained in each workspace. When an Executive Report is created, all the data from the Status Report is automatically processed and placed in a PDF/Word compatible document that can then be downloaded.

Pipelines & Jobs

Allows the user to automate tasks after an agent terminates and new vulnerabilities bulk into a workspace. Also when a user manually uploads a tool report to a workspace.

Profiles

Bringing access to different data visualization to Manager, Pentesters, Clients and Assets Owner.

Faraday Cli

Use Faraday directly from your favourite terminal. faraday-cli is the official client that make automating your security workflows, easier.

Process Scheduler

Automate repetitive Agents’ actions and check results on your Dashboard

Ticketing Integration

This is a feature that allows you to send data from Faraday to Jira/ServiceNow as tickets inside the system. In order to do it, go into our Status Report, select the desired vulnerabilities, click on the Tools button and then click on the ServiceNow/Jira option.

Data Analysis

As Faraday allows you to keep all of your pentests in one place, we thought it would be interesting to add the possibility to see your assessments come to life. These charts allow you to find new relations between your data and clarify the state of an assessment. We will also add new charts in the future, and the possibility to customize them as well!

Tasks

Setup your own actions strategy, assign tasks to users for each phase and easily follow them up. You can create your own custom Methodologies, add Tasks, tag them and keep track of your whole project directly from Faraday. Faraday comes with Methodologies loaded by default that allow you to get to work quickly without having to create your own.

Tags

Tags allow you to organize your vulnerabilities. by letting you make and edit categories: environment, technology, state, language, projects, whatever. The team can then see the tagged vulnerabilities and organize the security evaluation.

Agent Technology

Define and execute your own actions from different sources and automatically import outputs into your repository.

Custom Fields

Custom Fields allow you to extend the Vulnerability’s model with more fields. Custom fields type can be int, str, list, and choice.

Evidence

You can use inline images with Faraday Evidence in the fields above by adding an Evidence file to your vulns and adding markdown like this:

Deployments

No infrastructure changes needed: implement Faraday On-prem, Cloud or Hybrid without network changes.

Web Shell

The idea of the Web Shell is to allow you to work directly from the web using ZSH as a console. You would be connected to your own shell (listening in loopback interface).

Workspace Comparison

This feature lets you easily see and assess the differences between two of your Workspaces.

Vulnerability Templates (KB)

Find yourself writing the same descriptions over and over again? Tired of typos coming up in your reports? Faraday provides a simple solution: unify criteria for naming vulnerabilities and save time and effort to yourself and your team.

Plugins

There are three kinds of plugins available for Faraday; console, report and API also called online. However, these are not mutually exclusive, meaning that some tools have more than one Plugin to process their output. For example, Nmap has a Console plugin which allows you to run it directly from ZSH, but it also has a Report one, in order to import scans that were run outside of Faraday.