Cyber Tzar was established with the goal of improving the understanding and management of cyber risk globally, to facilitate more fully informed interactions in the marketplace and to promote a safer and more secure internet.
The credibility of the score is key to its adoption and we have developed a number of principles to guide and communicate our approach.
We use the OWASP ZAP framework. This is easily the current "best in class" automated penetration testing tool available today.
We use other best-in-class tools to provide subdomain discovery, SSL certificate health checks, and port vulnerability scanning.
Our outputs are rigorously mapped to, and include reporting in, the OWASP Top Ten (2021), the MITRE Framework, and the NIST Framework.
We provide an API interface so that you can easily combine and integrate security testing, engineering, and remediation into the software development life-cycle ("SDLC").
We provide a full range of analytic graphs and ways for you to view your data. Change-over-time history allows you to understand how you are improving as well as the changes in vulnerabilities.
As well as scanning your web sites for code and configuration issues, our platform can also check your APIs for security vulnerabilities.
Using the very latest cyber-security penetration testing scanning systems, CyberTzar is at the forefront of comprehensive vulnerability scanning, allowing you to have complete visibility of all your internet architecture autonomously with easy-to-use analytics and tools.
1) Scan continuously for vulnerabilities.
2) Hundreds of thousands of attack points and counting.
3) Instant cyber-security score calculations.
4) API to plug into automated DevOps continuous integration and continuous delivery (aka "CI/CD") pipelines.
With thousands of novel vulnerabilities scanned daily, continuous and autonomous scanning by CyberTzar enables you to identify or rediscover any gaps as they are introduced through your development cycles, giving any team visibility and the ability to act.
1) Only buy what you need.
2) Instructed by top cyber-security experts.
3) Pay per scan or via subscription.
4) Tailored for your industry.
CyberTzar combines engineering excellence from both academia and industry to ensure all bases are covered.
With international monitors and developers, we monitor cyber-security threats based upon industry and geography to ensure you are protected regardless of where your physical or digital infrastructure is based.
We have developed modular, cloud-based services to suit your business needs, specifically engineered to have maximum impact within your industry. From manufacturing, e-commerce and financial services to anything that involves a website, we have you covered with our portfolio of solutions.
With our paid plans you get complete control of your cybersecurity monitoring needs from the comfort of your desktop. Keep full visibility in the confines of your safest environment by running scans from our cloud-based secure platform 24/7.
We believe you should only pay for what you need to protect your business at the right level. Hence, CyberTzar can guide you with experts from every sector and environment with enterprise and industrial IT management.
Our platform is built with you, the user, in mind. Scanning a domain and getting your results couldn't be easier.
We care deeply about your information and your right to test your systems for cyber security vulnerabilities; our products include industrial-strength automated penetration testing. Before allowing any "Gold" tests we will need to be able to confirm you are either the legal owner of the web site, or acting on behalf of the legal owner of the web site. We use a process that should be familiar to anyone that has opened a bank account. The example below is from the UK. We are registered with the UK's Office of the Information Commissioner and all of your data is held securely (both in transit and at rest).
Our platform is based around open-source and open-standards technology, wherever possible.
All development is done in-house, by a dedicated team of technology experts, and the platform is managed in-house too.
We use a mixture of technology components and languages including (in no particular order):
Ruby on Rails, Java, OWASP ZAP, Sidekiq, PostgreSQL, Stripe, Honeybadger, IPinfo, Python, PayPal, Redis, Zabbix, Moberise, Postman, and others.
They are arranged in a typical n-tier architecture, where there is clear separation of presentation & display logic from application & business logic, and from the data persistence logic and the database itself. We use in-memory messaging technology for job coordination. User accounts and data are multi-tenanted, both in terms of the cloud hosting we use and in the architecture, and we use strongly typed code and security modules to provide user account management and separation of form between user accounts.
We host in the cloud, taking advantage of IaaS, both on virtual machines and containers, based on Linux exclusively, using Linode. The physical servers we use from our cloud provider are located in UK South and UK West. All servers are monitored 24/7, as are the platform and applications.
We use IPinfo to provide IP geolocation services, so that we can tailor the user experience we provide.