Write more secure and battle-tested software
Web Security automation for Continuous
Integration pipelines.
Integrated with your favourite CI solutions
Empowering developers
Cohesion enhances your existing CI process with a wide range of active and passive web security tests without the need to write any additional code.
“Without Cohesion , you can never be sure if your software is secure before shipping to customers.”
All bases covered
Cohesion ensures that the code is fully tested against a wide range of attacks such as Cross-Site Scripting, SQL Injection, Server-side Request Forgery, Remote Code Execution and more.
Read more
> $ cohesion scanner 'http://target'
wait - scanning target url: 'http://target'
error - XSS discovered (critical - 08)error - Error Discolusre discovered (critical - 08)error - Command Injection discovered (critical - 08)ready - scan complete
3 vulnerabilities (3 critical)
To inspect all issues go tohtts://app.cohesion.sh/issues
> $ cohesion fuzzer request.http
// request.http
POST http://target/path/to/location HTTP/1.1Content-Type: application/json
{ "hello": "world"}
Dynamic testing
Cohesion can test both - standard web applications and APIs. It comes with a range of built-in tools that fit into well-established penetration testing practice.
Read moreProduction? Ready!
Cohesion can break the pipeline if a critical is identified thus ensuring that vulnerable code is never exposed to production environments.
Read more
> $ cohesion fuzzer --exit=">=8" api-request.txt
error - XSS discovered (critical - 08)error - Error Discolusre discovered (critical - 08)error - Command Injection discovered (critical - 08)
----- PROCESS TERMINATED -----
Critical vulnerability indentified foundin api-request.txt
Security, streamlined.
Automate various types of web application security tests.
Web security assessment tool
Discover and brutefoce common files and folder.
$ cohesion scanner 'http://target'
Resource information gathering
Identify hidden files and folders in your application.
$ cohesion spider 'http://target'
API endpoints testing
Identify vulnerabilities within specific requests in mind
$ cohesion fuzzer 'http://target/?param=a'
Test in transit
Test every request captured in transit
$ cohesion proxy 'http://target'