Beagle Security Cosmog: Penetration testing for internal web apps

By
Abey Koshy Itty
Published on
19 Oct 2021
5 min read

Improving your application’s security posture is only effective when you take essential measures to safeguard both your customer-facing external assets and your internal assets.

Companies tend to underestimate the need to secure the applications in their private network and ultimately end up paying a hefty price for it. Conducting regular vulnerability assessments should be at the centre of your efforts to establish a robust cyber defense program.

Why do you need to do penetration testing for your internal apps?

Big companies tend to have a lot of internal web applications residing in their private network for a wide range of internal tasks. These applications are typically used only by company employees and have very little to no security in place to fend off a cyber-attack.

Attackers can reach these internal systems without much trouble, for example through an email with a malicious attachment sent to one of your employees. If the internal applications have no hardening in place, an attacker who gains an initial foothold can easily chain further attacks from it.

Organizations often forget the threat that insiders pose as well. Authenticated tests against privileged user roles can give you a complete picture of how dangerous a regular insider can be with the information available to them.

Finding the known and unknown vulnerabilities of internal apps through a penetration test can help you significantly reduce risk and improve the security posture of these applications. Moreover, certain compliance standards require you to submit audit reports for internal application scans.

To empower you to achieve this in an easy, fast and economical way, we’re introducing Beagle Security Cosmog.

What is Beagle Security Cosmog?

Beagle Security Cosmog allows organizations to run automated penetration tests for web applications in their internal private network without having to expose them on the internet.

This is helpful if you have internal applications that are not being pentested regularly, or if you currently have test/pre-release environments exposed to the internet.


In terms of setup, all you have to do is install an on-prem Cosmog client on a host machine inside your internal network. The client connects to the Cosmog server to create a secure tunnel between the Beagle Security Cloud Platform and your organization’s network.

A single installation is sufficient to run penetration tests for all the applications in your private network. Once you start a penetration test, the Cosmog server is ready to accept the connection from the Cosmog client. Starting the Cosmog client then establishes a secure channel between Beagle Security and your network, which ensures that all penetration test traffic is end-to-end encrypted.

How does Beagle Security Cosmog installation work?

Currently, the Cosmog client has to be installed as a Docker container. You’ll have to configure a Cosmog profile to get started.

For adding a Cosmog profile:

  1. Click on your profile dropdown and select Settings

  2. Select Organization -> Cosmog configuration

  3. Click on Add New Profile button

  4. Give it a Profile name, select Bridge IP address, Test IP range and click Save

Here, the bridge IP address is a unique IP address that must be assigned to the Cosmog client. Make sure that this address is not assigned to any other internal device or system. The Test IP range is the IP address or IP range of the application(s) to be security tested, specified in CIDR notation.
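The two profile values above are easy to get wrong: a mistyped CIDR range is rejected only after the fact, and a bridge IP that is already in use collides with a live host. The following Python snippet is an added example, not Beagle Security's own code, that performs those checks before a profile is saved. It assumes a constructed inventory of addresses already in use (in practice this would come from your IPAM or DHCP server) and, as an assumption of our own, requires both values to lie in private address space since the client sits inside the internal network.

```python
import ipaddress

# Constructed sample inventory of addresses already in use on the internal
# network (gateway, static hosts, a reserved subnet). Replace with a pull
# from your IPAM/DHCP system.
ALLOCATED = [
    "10.0.5.1",        # gateway
    "10.0.5.20",       # intranet app server
    "10.0.5.21",       # intranet app server (staging)
    "10.0.9.0/24",     # whole subnet reserved for a VDI pool
]


def validate_profile(bridge_ip: str, test_range: str, allocated=ALLOCATED):
    """Check a Cosmog profile's bridge IP and test range before saving it.

    Returns a list of human-readable problems; an empty list means the
    profile passes every check.
    """
    problems = []

    # The bridge IP must be a single, syntactically valid address.
    try:
        bridge = ipaddress.ip_address(bridge_ip)
    except ValueError:
        return [f"bridge IP {bridge_ip!r} is not a valid IP address"]

    # The test range may be one address or a CIDR block. strict=False accepts
    # host bits, so "10.0.5.20/24" is normalised to "10.0.5.0/24".
    try:
        target = ipaddress.ip_network(test_range, strict=False)
    except ValueError:
        return [f"test range {test_range!r} is not valid CIDR notation"]

    if bridge.version != target.version:
        problems.append("bridge IP and test range use different IP versions")

    # Assumption: both values live in private address space (RFC 1918 / ULA).
    if not bridge.is_private:
        problems.append(f"bridge IP {bridge} is not a private address")
    if not target.is_private:
        problems.append(f"test range {target} is not in private address space")

    # The bridge IP must be free: compare it against every allocated address
    # and subnet in the inventory (a bare address is treated as a /32 or /128).
    for entry in allocated:
        net = ipaddress.ip_network(entry, strict=False)
        if bridge in net:
            problems.append(f"bridge IP {bridge} collides with allocated {entry}")
            break

    return problems


def range_size(test_range: str) -> int:
    """Number of addresses a test range covers, useful for spotting an
    accidentally broad range such as a /8 where a /24 was intended."""
    return ipaddress.ip_network(test_range, strict=False).num_addresses


if __name__ == "__main__":
    for bridge, rng in [("10.0.5.50", "10.0.5.0/24"),
                        ("10.0.5.20", "10.0.5.0/24"),
                        ("10.0.5.50", "10.0.5.0/33")]:
        issues = validate_profile(bridge, rng)
        print(bridge, rng, "OK" if not issues else issues)
```

Run the checks before clicking Save in step 4; a non-empty result means the profile should be corrected rather than submitted. `range_size` is there because a test range is a blast-radius decision: the scanner will touch every address inside it, so a range that covers thousands of hosts deserves a second look.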

Next comes installing the Cosmog client on a host machine. For that:

  1. Select a Cosmog profile and click on the Install button

  2. From the resulting pop-up modal, select the installation type and the platform

  3. Copy the command and run it on your host machine

Once the client installation is complete, you’re good to add your web applications and start the penetration test.

Wrapping up

Beagle Security Cosmog allows you to improve the security posture of applications in your private network efficiently without having to do complex on-prem installations, pay a hefty fee or waste your valuable time waiting for updates or maintenance schedules.

The feature is currently available on the enterprise plan. If you’d like to know more about the solution or schedule a demo, please feel free to schedule a time from here.

We’re also happy to answer any questions that you may have about the feature. Simply get in touch with us via live chat and we’ll be happy to help you!

Written by
Abey Koshy Itty
Marketing Manager