Software Security Response

Contain and remediate software security incidents with confidence.

Augury One

Bring deep expertise to every response

Expand your organization's response capabilities with expert security engineers for every software security incident.

Embedded Response Team

We embed directly within your response structure, augmenting or supplementing existing staff capabilities.

Customer Submits Page: 00:00 - Page sent
Augury One Receives Page: 00:15 - Page received
Acknowledgment Sent: 00:30 - Confirmed receipt
Augury One Engages: 02:00 - Response engineer online
Access to Repositories Provided: 02:30 - Repository access granted
Code Review Started: 03:00 - Analysis in progress
Vulnerability Identified: 05:00 - SQL injection found
Patch Provided by Customer: 08:00 - Fix implementation submitted
Patch Reviewed by Augury One: 10:00 - Verification complete
Engagement Complete: 12:00 - Case closed successfully

Timely On-Call Support

Page us when you need us. Augury One is available to assist with urgent customer engagements.

Tailored capabilities for every emergency

Equip your organization with the specialized expertise necessary to respond to any situation.

Data security incidents

Go beyond regulatory compliance to ensure your incident remediation fully addresses application data handling and storage concerns.

Product security incidents

Get assistance finding and patching vulnerabilities you suspect are being exploited in your first-party software.

Bug bounty reports

Cut through the noise with help to validate reported findings and ensure they have been fully investigated and remediated.

Third-party dependency incidents

Identify the presence of exploitable vulnerabilities introduced by third-party dependencies, and how to remediate them.

Remove the guesswork from remediation

Support your engineering teams with expert security research and engineering support.

AuthController.java

 1  @RestController
 2  @RequestMapping("/api/auth")
 3  public class AuthController {
 4
 5      @Autowired
 6      private DatabaseService dbService;
 7
 8      @PostMapping("/login")
 9      public ResponseEntity<String> login(
10              @RequestParam String username,
11              @RequestParam String password) {
12
13          String hashedPassword = hashPassword(password);
14
15          String query = "SELECT id FROM users WHERE username='"
16              + username + "' AND password_hash='"
17              + hashedPassword + "'";
18
19          ResultSet result = dbService.executeQuery(query);
20          if (result.next()) {
21              String userId = result.getString("id");
22              String token = generateSessionToken(userId);
23              return ResponseEntity.ok(token);
24          } else {
25              return ResponseEntity.status(401).body("Unauthorized");
26          }
27      }

⚠ SQL Injection Vulnerability Detected
Lines 15-17: Direct string concatenation allows injection attacks
Recommendation: Use parameterized queries

Vulnerability Identification

Not sure where to start? We can help triage and identify suspected software vulnerabilities, accelerating the pursuit of mitigation and remediation.

git diff AuthController.java @@ -13,6 +13,15 @@ public class AuthController { 13 String hashedPassword = hashPassword(password); 14 - 15 String query = "SELECT id FROM users WHERE username='" - 16 + username + "' AND password_hash='" - 17 + hashedPassword + "'"; + 15 // Secure implementation: retrieve hash by username first + 16 String query = "SELECT id, password_hash FROM users WHERE username = ?"; + 17 PreparedStatement stmt = dbService.prepareStatement(query); + 18 stmt.setString(1, username); + 19 ResultSet result = stmt.executeQuery(); + 20 + 21 if (result.next()) { + 22 String storedHash = result.getString("password_hash"); + 23 // Secure comparison of password hashes + 24 if (secureCompare(storedHash, hashedPassword)) { + 25 String userId = result.getString("id");
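
Review bot: line 13 still computes hashPassword(password) before the row is read and without any per-user input, so the comparison at new line 24 cannot depend on a per-user salt. Fetch the stored value first and verify the submitted password against it with a salted password-hashing function, rather than recomputing a hash and calling secureCompare(storedHash, hashedPassword). The PreparedStatement and ResultSet opened at new lines 17-19 are not closed in the visible lines, so wrap them in try-with-resources. The hunk ends inside the if at new line 25, so confirm in the remaining lines that an unknown username and a hash mismatch both return the same 401 response as the original else branch.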

Resolution Verification

When a mitigation or remediation is implemented, we can assess it for thoroughness and completeness.

Transparent pricing

Annual Retainer

TBA credits/month, per organization

Per-engagement costs

Initial response engagement: Included in retainer
Deliverable preparation: Included in retainer
Engagement hours: Priced in credits based on incident scope

With essentials included

On-demand availability

Access expert security engineers around the clock for urgent security incidents and response activities.

Rapid response

We tailor our response SLAs to best support the needs of our customers.

Comprehensive incident documentation

Complete documentation of incidents, analysis findings, and remediation steps for compliance and learning.

Post-incident reviews

Detailed post-incident analysis and recommendations to improve your security posture and response capabilities.

About

Augury One was founded to improve the state of software security, lowering the barrier to entry for security services. Staffed by expert software security engineers, Augury One provides organizations with continuous security advisory and engineering support, augmenting and extending existing organizational capabilities.

Contact

Want to know more? Let's chat.

info@augury.one