Prancer Enterprise, a provider of shift-left cloud security techniques, announced on 12th January the release of the Penetration Testing as Code Framework (PAC). The Penetration Testing as Code Framework, which promotes shift-left security methods in cloud environments, is now the company’s main offensive security tool. Furthermore, Prancer Enterprise’s Penetration Testing as Code Framework has made it the main player of the shift-left movement.
Prancer is based in San Diego and specializes in providing shift-left strategies and tools for cloud security, cloud compliance, and cloud validation. These tools are aimed at empowering developers in the DevSecOps process. Prancer is dedicated to making users’ cloud environments more secure. Its end-to-end solutions are centered on moving security to the left and providing businesses with an easy-to-use tool for assessing their cloud security posture.
“Our goal with PAC is to make offensive security tools accessible to product development teams. Traditional methods demand a significant amount of work from security experts and pentesters, who must manually repeat procedures that lack the reproducibility and process hygiene of software development processes,” said Prancer CEO & Founder Farshid Mahdavipour.
Prancer has created an automated pentest that models genuine attack behaviors using its unique technology. This technique detects attacks earlier than manual tests, producing more accurate results in less time. The Penetration Testing as Code Framework, which is based on Prancer’s CSPM and static code analysis engine, significantly reduces the time security analysts spend on false positives by correlating actual vulnerability findings with cloud configuration settings in real time.
This reduces duplication of effort across a vast range of native and third-party cloud security tools, making it easier than ever to obtain accurate information about your organization’s risk exposure through automation. Prancer provides a serverless PAC that works smoothly with CI/CD pipelines to pentest applications during development, shifting offensive security to the left.
PAC also drastically minimizes pentest time by automating operations and allowing pentesters to focus on higher-value activities. To ensure the secure delivery of cloud applications, it combines application development and security into a single procedure. PAC also has custom features for introducing custom threat vectors into code to test both white-box and black-box situations, offering a complete pentesting experience.
“In today’s CI/CD world, the existence of a manual security testing procedure creates significant operational inefficiencies. PAC strives to minimize these barriers. Instead, the deep testing only happens at the end of a project or after a feature is built, which could be very costly to fix the code after the release of the product,” added Farshid.
To develop an attack-ready cloud, PAC codifies and verifies the company’s cloud resources in real time against zero-day vulnerabilities and the latest cyber security threats. PAC speeds up pentesting such that actionable pentest reports are available minutes after the pentest ends, rather than weeks or months later.
As Farshid said, the existence of a manual security testing technique in the CI/CD world produces major operational inefficiencies. Validation as code aims to eliminate these roadblocks. For starters, it helps speed up the process by automating many of the tasks that are now performed manually and allowing SDLC processes to coexist. By eliminating human error, it ensures repeatability, precision, and consistency.