
Scan internal applications for vulnerabilities

Many companies have internal web applications, accessible only from their corporate network or through a VPN. These are often back-offices, management portals, HR applications, and everything that makes sense only for the company workforce, not for their clients. This also means that cloud services, like Probely, cannot scan them for vulnerabilities.

Until now.

We have published a long-awaited feature that gives our customers the ability to scan applications inside a private network: our Farcaster Agent.

What is the Farcaster Agent?

In simple terms, our Farcaster Agent creates a secure tunnel between your internal network and us, giving you total control over what we can connect to.

The Agent runs as a Virtual Machine or a Docker container installed inside your network. Once started, it opens a tunnel to Probely, which is then used to send scan requests to your scan target. The implication is that the Agent never needs to be exposed to the Internet, because the connection is initiated from the inside out. The same goes for your target: there is no need to expose it either.

The name was not chosen by chance: a Farcaster is an instantaneous transportation device from the Hyperion universe that connects planets as if they were next to each other. We thought it an apt name for something that brings together distant hosts: our scanning engine and your scanning targets.

Improve your security

If you have internal applications that are not being tested periodically or have test environments that are exposed to the Internet, this is a good opportunity to improve your security posture.

In the former case, don’t undervalue the need to scan internal applications: they are still exposed to plenty of bad actors, such as malware spreading from employee laptops, disgruntled or merely curious employees, and partners with access to your network.

For the latter, you prevent test sites from being accessible to everyone. Remember, those sites typically have lower security requirements, with untested code, debug enabled, and features that are yet to be announced to the general public. Keeping all that away from attackers is paramount.

By being able to scan all of these without exposing them, your organization reduces risk.

How does it work?

The best way to describe how the Probely Agent works is through an image:

[Diagram: Probely Agent for internal application scanning, showing the Remote Agent inside the customer network, the tunnel to the Agent Hub, and the scan target]

The Remote Agent sits in your network, either as a VM or a Docker container. Once configured, it connects back to Probely, creating a tunnel to the Agent Hub. Authentication is mutual: the Agent presents a client certificate and the Agent Hub presents a server certificate, so each side verifies the other before any scan traffic flows.

When you start a scan for a target that has an Agent configured, Probely forwards the requests through the tunnel between the Agent Hub and the Remote Agent, and the Remote Agent in turn forwards them to the target. Only the Agent decides which internal hosts it is willing to forward to.
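To make the inside-out pattern concrete, here is a small, constructed model of the three roles described above (fake internal target, agent, hub) running on 127.0.0.1 so it works offline. It is an added illustration written for this post, not code from the Probely Farcaster Agent, and it is not the Agent's protocol: the "CONNECT host:port" frame, the allow-list and the hypothetical names (start_target, serve_one_frame, scan_via_agent, run_demo) are all assumptions. The two properties it demonstrates are the ones the text relies on: the agent never opens a listening port (it only dials out to the hub), and the hub can only reach hosts the agent's allow-list permits. The real Agent wraps the tunnel in mutual TLS; that layer is left out here so no certificate files are needed.

```python
"""Constructed model of an inside-out scanning tunnel (not Probely's code).

Three roles, all on 127.0.0.1 so it runs offline:
  * target : a fake internal web app (never exposed to the "Internet")
  * agent  : dials OUT to the hub, then serves one CONNECT frame per dial
  * hub    : the scanner side; it only ever accepts connections the agent started
Mutual TLS is omitted so that no certificate files are required.
"""
import socket
import threading


def start_target(body=b"internal back-office"):
    """Fake intranet app: answers every request with a fixed HTTP/1.0 response."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))          # ephemeral port, standing in for a private host
    srv.listen()

    def serve():
        while True:
            conn, _ = srv.accept()
            with conn:
                conn.recv(4096)         # read (and ignore) the request
                conn.sendall(b"HTTP/1.0 200 OK\r\nContent-Length: %d\r\n\r\n%s"
                             % (len(body), body))

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


# ---------------- agent side: runs inside the private network ----------------
def serve_one_frame(tunnel, allowed):
    """Handle one "CONNECT host:port\\n<raw request>" frame sent by the hub.

    The hub half-closes its write side after the frame, so read() sees EOF.
    The allow-list is the agent's (i.e. the customer's) decision: the hub can
    only reach what the agent agrees to forward to.
    """
    with tunnel, tunnel.makefile("rb") as rd:
        header = rd.readline().decode().rstrip("\r\n")
        request = rd.read()                       # drain the whole frame first
        verb, _, target = header.partition(" ")
        if verb != "CONNECT" or target not in allowed:
            tunnel.sendall(b"DENIED " + target.encode() + b"\n")
            return
        host, port = target.rsplit(":", 1)        # safe: target came from the allow-list
        with socket.create_connection((host, int(port))) as upstream:
            upstream.sendall(request)
            upstream.shutdown(socket.SHUT_WR)
            response = b"".join(iter(lambda: upstream.recv(4096), b""))
        tunnel.sendall(b"OK\n" + response)


def run_agent(hub_addr, allowed, frames):
    """The agent never listens: it dials the hub, serves a frame, and dials again."""
    for _ in range(frames):
        serve_one_frame(socket.create_connection(hub_addr), allowed)


# ---------------- hub side: the scanning service ----------------
def scan_via_agent(hub_listener, target, request):
    """Send one scan request through the next agent-initiated tunnel connection."""
    conn, _ = hub_listener.accept()               # wait for the agent to dial in
    with conn:
        conn.sendall(b"CONNECT " + target.encode() + b"\n" + request)
        conn.shutdown(socket.SHUT_WR)             # marks the end of the frame
        reply = b"".join(iter(lambda: conn.recv(4096), b""))
    status, _, body = reply.partition(b"\n")
    return status.decode(), body


def run_demo():
    """Wire the three roles together and return what the hub saw for an
    allow-listed target and for a host outside the agent's allow-list."""
    target_port = start_target()
    hub = socket.socket()
    hub.bind(("127.0.0.1", 0))
    hub.listen()
    hub_addr = hub.getsockname()[:2]
    allowed_target = "127.0.0.1:%d" % target_port
    threading.Thread(target=run_agent, args=(hub_addr, {allowed_target}, 2),
                     daemon=True).start()
    request = b"GET / HTTP/1.0\r\nHost: backoffice.internal\r\n\r\n"
    ok_status, ok_body = scan_via_agent(hub, allowed_target, request)
    denied_status, _ = scan_via_agent(hub, "10.0.0.99:80", request)  # not allow-listed
    hub.close()
    return {"allowed": (ok_status, ok_body), "denied": denied_status}


if __name__ == "__main__":
    print(run_demo())
```

Running the module prints an "OK" reply carrying the internal target's response and a "DENIED 10.0.0.99:80" reply for the host the agent was not configured to reach. Note which side holds the policy: even though the hub drives every scan, the only thing it can do is ask, and the agent inside your network answers.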

The concept is simple, and it is built on top of three principles:

  1. Security

    • Probely has no administrative access to the Agent host.
    • The Agent host supports custom firewall rules so that network access can be further restricted.
    • The Agent host does not listen on any public Internet port to reduce its attack surface.
  2. Control

    • No black boxes: all code is open source and published on our GitHub under a permissive license.
    • The instructions and tools to build the Agent are also on GitHub. This gives you the power to know exactly what is running on your infrastructure.
    • You have full control over the host and can change it as you see fit.
  3. Simplicity

    • The code follows simple design decisions and uses industry-standard components whenever possible.
    • We keep network requirements to a minimum. There is no need for public IP addresses or complex firewall rules.
    • The Agent requires minimal hardware resources and is designed to scale easily.

Availability

This feature is only available for our enterprise edition, Probely Plus. Even if you are not using this version, we are happy to listen to your needs.

Right now, you need to talk with us to enable and configure the Agent on your targets. We are still working on adding support for self-configuration in our beloved user interface!

Increase your productivity

Now that you know how Probely’s Agent can help you, I hope you will trust us to take your business security to the next level.

Regardless, if you have any questions about Probely’s Agent, you can leave a comment or reach out on our website. Also, if you are interested in protecting your web application, I strongly recommend exploring our articles.

Until the next time!