Products

SBOM Generator

• Quickly analyze OSS components without source code • Swiftly uncover and address vulnerabilities • Support OSS and 3rd party suite license analysis

What is an SBOM?
An SBOM (Software Bill of Materials) is an inventory list that encompasses all the components present in your application.
Why an SBOM matters to you?
SBOM enables effective tracking, management, and mitigation of potential vulnerabilities, compliance issues, and licensing obligations.
What to do for your next step?
Consider selecting low-risk components for your application, and you may :
• Eliminate the need for manual inventory management.
• Automate SBOM generation without source code.
• Ensure compliance with requirements set by regulatory bodies such as the U.S. FDA, Federal EO 14028, the Japan SBOM implementation guide, Taiwan TFDA, and others.
Only 3 Steps to Generate SBOM of the Free Version
Step 1.
Complete the form submission.
Step 2.
Upload your application.
Step 3.
Receive your SBOM!
3 Reasons Why Choosing SecSBOM
1. Quickly analyze OSS components without source code
Through firmware analysis (Firmware Analysis/Binary Analysis) technology, SecSBOM examines the firmware provided by the 3rd party vendor without source code, supports CPE standard format, and discovers the OSS composition of the product.
2. Swiftly Uncover and Address Vulnerabilities
Our tool empowers you to swiftly unveil vulnerabilities related to OSS composition, including the CVE vulnerability identifiers, risk severity classification, intricate reference data, and more.
3. Support OSS and 3rd party suite license analysis
Automated analysis of OSS license modes, such as GPL, Apache, LGPL, and more, SecSBOM helps customers avoid license disputes.

Security Assessment Management System

HERCULES SecSAM is a Security Assessment Management System that can effectively solve open-source software(OSS) risk control and Software Bill of Materials (SBOM) management and other complex issues. Utilizing Cybersecurity Bill of Materials (CBOM) as the technical framework for risk assessment, it integrates the third-party software vulnerability reports (such as source code scanning and vulnerability scanning report), the CI/CD tool that interfaces with the problem tracking management system, and allows users to manage, track, and warn, in a more flexible and convenient way on the basis of secure development.

Features
1. Manage Vulnerability Risk Rating Based on SBOM and CBOM structure
Through the establishment and maintenance of SBOM, analysis of CVE, daily automatic update of vulnerability information, vulnerability report management, and tracking mechanism to effectively monitor the vulnerabilities of products and open-source suites to achieve complete CBOM management.
2. Easily analyze OSS components without source code
Through firmware analysis (Firmware Analysis/Binary Analysis) technology, SecSAM analyzes the firmware provided by the 3rd party vendor without source code, supports CPE standard format, and discovers the OSS composition of the product.
3. Support OSS and 3rd party suite license analysis
Automated analysis of OSS license mode, such as GPL, Apache,LGPL, and more, SecSAM helps customers avoid license disputes.
4. Improve efficiency of vulnerability fix with CI/CD integration
SecSAM can Integrate with the current development and management system and tool to perfect CI/CD procedure.
Benefits
1. Easily create SBOMs
By utilizing automation technology to analyze the composition of OSS in software, SecSAM creates the basis of risk management and improves the security of software supply chain.
2. Quickly investigate and resolve vulnerabilities
Through CBOM, SecSAM manages and tracks vulnerabilities in the stages of development, testing, and maintenance, and integrates CI/CD development tools to facilitate instant resolution.
3. Avoid intellectual property disputes
SecSAM's open source license analysis can check the license mode of OSS components to avoid affecting the interests of corporate intellectual property rights.
4. Comply with global IoT security standards
By adopting the global standard for IoT security, ioXt Likelihood to assess product risks rating. SecSAM complies with international standard requirements and master product risks.

IoT Vulnerability Testing Tool

HERCULES SecDevice is an IoT Vulnerability Testing Tool designed for connected products. It is equipped with functions such as vulnerability testing, fuzz testing, and web security testing. Adopting our patented AI machine learning technology, it accelerates the time and accuracy of vulnerability discovery. The assessments cover IEC 62443, OWASP TOP 10, CWE / SANS TOP 25, and more.

Features
1. Designed for IoT product security
It is designed for the security testing of connected products. It can automatically analyze and test the security of the targeted equipment through the internet or wireless network connections. Simultaneously, it supports automatic continuous testing and reduces labor processing time.
2. Diversified vulnerability testing techniques
Utilizing fuzz testing, network vulnerability scanning, web vulnerability scanning, and DOS testing techniques, it can discover known and unknown vulnerabilities, including operating systems, network applications, network protocols, web pages, wireless security vulnerabilities, and more.
3. TCF intelligent discovery technology
AI technology is used to learn network packets to assist testers to discover the vulnerabilities of various proprietary network protocols, and improve the coverage and integrity of the discovery.
4. Comprehensive test records
The attack packets and test methods in the discovery process can be recorded. SecDevice provides clear reasons for the vulnerabilities and relevant supporting data to help the user quickly review the product security issues.
Benefits
1. Reduce labor and tool costs
It can save the training time of security personnel and reduce the costs of purchasing multiple sets of tools.
2. Reduce professional dependence
Simple operation design makes testers easily to use, and through detailed test records, effectively help developers solve problems.
3. Improve the integrity of product security testing
Patented AI machine learning technology can support the discovery of customized protocol security and make up for the shortcomings of traditional security testing methods.

Cybersecurity E-Learning

Security Innovation is the leading brand of online cybersecurity courses in the United States. Founded in 2002 and headquartered in Massachusetts. Security Innovation has always specialised to provide the latest online learning courses to ensure that enterprises use software systems more securely in the most challenging environments (whether in Web applications, IoT devices or the Cloud). The company provides more than 150 online professional courses in exclusive security-related content, and the quality of teaching is witnessed by more than 3 million users. It is committed to creating the most appropriate courses and learning experience for each learner, making cybersecurity as a part of product development, so that each employee understands the importance of security software development.

Applicable Industries
• Science and Technology Industry
• Medical Industry
• Telecommunication Industry
Course Features
• Pop Quizzes
• Cross-platform Play
• The Biggest, Newest and Fastest in the Industry
• Supports SCORM
• Interactive learning
Advantages of Onward Security
1. Provides more than 150 online professional courses in exclusive security-related content.
2. Making cybersecurity as a part of product development through online learning, so that each employee understands the importance of security software development.
3. Courses can be played across platforms, so users can learn on computers, mobile phones or tablets. The unrestricted learning feature allows users to participate in online courses anytime, anywhere without time and viewing limits.
4. All digital teaching materials can be used on any learning platform or learning management system, and provide pop quizzes to assess learning outcomes.