Artificial  Intelligence  based 
Application  Security  Testing


World's first AIAST


TL;DR


In a nutshell, NexPloit uses a recorded interaction as a baseline from which to learn your application’s entry points and what kind of data they expect. After the initial discovery stage, the NexPloit Cloud and NexPloit agent work together to continuously generate new malicious scenarios, using Evolutionary ML algorithms and reinforcement learning. These scenarios are tested on the target until a vulnerability has been discovered.

Real issues

no assumptions

no guessess

no false positives

solutions

Web


As a provider of services over the web, your website or web applications are always at risk since they require free access for your clients. Malicious players constantly look for ways to breach your services..., relying on the fact that your services are openly world facing. Since your business depends on open access from the web, it is imperative that you protect the sensitive data your clients entrust you with from cyber attacks and data breaches. You need a dynamic, easy to use and adaptive solution that assist you to ensure your goal of protecting your web services from the various malicious actors that seek to cause you harm. It is not enough to rely on the perimeter defenses that are set up to protect your services, since many of the vulnerabilities are inherent in your product itself or the environment that your products are in. Furthermore, complex software, environments and data can make your applications more prone to vulnerabilities and increase security risk. NexPloit is the first ML powered IAST solution, and it can help you secure even the most complex of configurations.

Show more

FINTECH


As a provider of financial services, It is imperative that you protect the sensitive data your clients entrust you with from cyber attacks and data breaches. You need a dynamic, easy to use and adaptive solution that assist you to ensure your goal of protecting ...your organisation from the various impacts of a crisis.

Complex environments, data, and software can make your applications more prone to vulnerabilities and increase security risk. NexPloit is the first ML powered IAST solution, and it can help you secure even the most complex of configurations.

Show more

Blockchain


Blockchain is a new and exciting technology, it can be used in a range of applications such as: digital money (Cryptocurrency), ledgers of smart-contracts, secure distributed data storage and more. One of the main and compelling reasons to use Blockchain ...technology is how secure the protocol is, when used correctly the chain is almost unbreakable.

However, every chain has weak links and as a provider of services on the Blockchain protocol you know that right now these links are the exchanges and applications using this technology. We at NeuraLegion believe that Blockchain will become an integral part our daily lives. However in order to fully embrace it, the users require confidence that your product is fully secure. NexPloit is the first ML powered IAST solution, and it has full support of all the tools you will need to scan and secure each part of your Blockchain product.

Show more

iot


The “Internet of Things” is a term that can be applied to a vast number of products, starting from a Bluetooth color-changing lamp in your bedroom to an entire remote controlled smart-home. Such products have myriads of use-cases but share a few traits: ...They connect, react, supply and gather information via their network.

IoT becomes more intertwined in our personal lives with each passing day, and as a supplier of such products it is critical that you protect the privacy of your customers. However, because IoT can take countless forms, the security needs can change drastically, making it difficult to choose which security tool you need.

NexPloit, our ML based IAST solution has scanning capabilities for any type of communication protocol, from BLE to HTTP/S, making it the perfect security tool for IoT. NexPloit can help you find issues in the most simple or the most complex of IoT devices.

Show more

Smart industries


Smart industries are the next stage in the industrial revolution. New smart-factories include amazing engineering feats like robotic arms that can be remote controlled, or automated to perform versatile and delicate tasks. Sometimes referred to as the “IoT of industry” ..., smart-factories have myriads of use-cases but they all share a few traits in common: They connect, react, supply and gather information via their network.

As more and more industrial IoT products are incorporated over many industries, it is imperative to think about the implications of cyber-attacks on such products. If a robotic arm is hacked and reprogrammed, it can cause property damage, stop production or in the worst case, physically harm employees. As a provider or user of such products, it is not only important but critical that you make sure they can be used safely.

NexPloit, our ML based IAST solution has scanning capabilities for any type of communication protocol, from BLE to HTTP/S, making it the perfect security tool for your industrial IoT. NexPloit can help you find security issues with any smart-device and keep your factory running smoothly and safely.

Show more

Automotive


The smart automotive industry is one of the fastest growing markets today, and your challenges, as a manufacturer in the industry, are quite different than what they used to be even several years ago. From the moment the engine was invented and for almost a century... , security concerns mostly revolved around the physical safety of the car and its passengers. Today however, cars are no longer controlled just manually, a growing number the automobile’s controls are taken over by computers. As more and more of these components become computerized and connected to a network, a new type of threat emerges, malicious hackers. In the era of “Smart cars” and “Self-driving cars”, a simple crash test is unable to find vulnerabilities that will allow a malicious hacker to hijack the controls of your car from under your hands. You need a tool that can be used to test the cyber security of the applications and protocols of your automobile. NexPloit, our ML based IAST solution has scanning capabilities for any type of communication protocol, from BLE to HTTP/S, making it the perfect security tool for you. NexPloit can help you find security issues with any smart-component of your automobile and keep it running safely.

Show more

How it works

A Machine Learning powered Interactive Application Security Testing (IAST) solution. Automating a cyber-security specialist’s critical thinking process to scan any target and find real vulnerabilities, including logical-flow problems, with no false positives.

Simplicity

NexPloit simplifies the process of testing the security of your product or services, requiring no experience or the employment of security specialists, all you need to do is:


Using our simple Chrome/FireFox extension, start recording a session of how you would normally work with your product.


Download our agent from your NexPloit dashboard and run it on your test environment machine.


Initiate a new scan from our dashboard, selecting the recorded session and agent.


Receive continuous reports of security vulnerability findings in your product, along with simple explanations of the discovered issue and remedy suggestions.

It’s as easy as that!

No false positives

We only search for real issues, with no assumptions, with no guesses and no false positives.

Our solution by its nature is hands on testing, it only reports a vulnerability when one was found and caused an actual impact on the target. This means you won’t have to spend most of your time finding the real issues out of the heaps of false ones, but rather fixing them.

Machine Learning

Our ML engine continuously learns and evolves from the scans it performs, with no manual intervention. Imagine if a human enetration tester had tens of thousands of hours of experience, with a flawless memory and no need for any rest. Well, that is exactly how you can describe NexPloit.

NexPloit’s engine consists of 3 key machine learning stages:

Discover


The first stage for the engine is to go over the session recording and learn how it must interact with the service / API. It learns what kind of data it should put and where, and what responses it should expect from normal usage and creates a baseline. Using the baseline, NexPloit will know when it’s heading in the right direction by receiving irregular / malformed responses.

Attack


The second stage is the live testing of the target. Using evolutionary algorithms, the engine generates the perfect malicious payloads in order to cause problems; NexPloit understands a problem occurred by comparing the responses with the baseline responses provided in the discovery stage and with the machine-specific data collected from a local agent.

Learn


The last key part is the core memory of NexPloit. This is the part that is constantly learning exploits, and not only ones it finds itself but also from known vulnerabilities (CVEs) already published.

Resources

NexPloit datasheet

NeuraLegion whitepaper

Demo video of the NexPloit platform

NexPloit FAQ

Partners

Partnership programs

NeuraLegion provides a strategic partnership program to businesses all around the world. We encourage you to apply to our Partner programs and become a part of the NeuraLegion family. NexPloit is a SaaS based product that requires minimal integration, with an intuitive and easy-to-use User Interface, and flexible subscription models. Join us and become a Partner today!

Become a partner!

Become part of the NeuraLegion family! Please fill out the form with your contact information.

Regions:

Target customers:

about us

NeuraLegion began when Bar Hofesh and Art Linkov, decided to combine their experience in the cyber security world with biologically inspired machine learning algorithms.

Remarkably, despite the innovation in software development, security testing automation, and new working methods such as DevSecOps, developers could not keep up with the task of writing absolutely secure software. The question we asked ourselves was “Why is the annual number of discovered security issues (CVEs) has been constantly rising?”

To date, security testing automation is focussed on keeping up with known issues, and any finding of new issues is via a heuristics-based approach. The main problem is, that finding non-trivial security issues automatically, is much more complicated when looking at logic-based problems rather than specific endpoint malfunctions. Therefore, any new non-trivial problems were found manually, leading to an ever-growing lag between the ability to go over all new code and finding such issues.

This realization drove us to create NexPloit, the world’s first AI based IAST tool. Combining our Cyber-Security experience with our Machine-Learning skills, we created a system that mirrors a human’s critical thinking process when looking for vulnerabilities. Amazingly, NexPloit’s logic-based engine can be applied to many different scenarios, making it suitable for numerous use-cases such as: Software and web applications, Blockchain exchanges and applications, FinTech, Smart industries, Automotive, Healthcare, IoT and more.

Bar Hofesh, CTO


A cyber security veteran with more than a decade of experience acting as a Security Officer, Researcher, Hacker, Developer and Software architect.

Art Linkov, Chief Scientist


Former biology researcher with extensive experience in genetic algorithms, big-data analysis, statistics and algorithm design.       

Shoham Cohen, CEO


An experienced leader with a diverse background in Finance and Technology over the last 20 years.                                         

Request a demo

Schedule a live product demo

I’m interested in:

Target customers:


contact us