Promote this Nomination

Additional Info

Company (that provides the nominated product / solution / service)Onward Security
Company size (employees)10 to 49
Type of solutionHybrid

In 3 bullets, summarize why this product or service is different from the competition and deserves recognition:

•More Than a Fuzzer
HERCULES SecDevice doesn’t stop at just uncovering unknown vulnerabilities in a device/product, it also tests ICS/SCADA devices and other connected products for any known vulnerabilities through multiple and various attack methods. Full test report and OWASP Top 10 report are available in both Traditional Chinese and English.

Once a test is configured, the whole process will be automated as HERCULES SecDevice supports device restart and re-scan, and SecDevice can be connected to multiple test targets as well. HERCULES SecDevice is designed to assist organizations in saving time and resources during testing.

A flexible testing tool for ICS/SCADA products. HERCULES SecDevice can be used to test various devices, including wireless ones, and supports a wide array of network protocols. HERCULES SecDevice is constantly updated to support the latest test cases, as well as more network protocols, making it able to be deployed in different usage to test wider variety of products

Summary of Achievements

HERCULES SecDevice is a security assessment tool for connected products, and ICS/SCADA products. It is designed to assist vendors in the testing phase of SSDLC (Secure Software Development Lifecycle) by saving time and labor through automation. Not only that, HERCULES SecDevice can also be used as a tool to enforce acceptance standard when purchasing externally sourced components.
HERCULES SecDevice uses intelligent fuzzing technique test to uncover unknown vulnerabilities, and other various testing methods including DoS, network and web vulnerability tests to check for known vulnerabilities in operating system, web applications, web pages, network protocols, and wireless connection within ICS/SCADA devices. Users can select test cases and policies prior to running a test. HERCULES SecDevice gathers data and packets sent and received during the test to allow tester to reproduce issues detected in the report, this includes the web pages affected, and vulnerability information. A PCAP file is also available for download for each failed test case to assist developers in recreating the issue.
Intelligent analysis of SecDevice assists testers by identifying vulnerabilities detected, risks involved, as well as solutions. The bilingual detailed reports produced after the test has been conducted can be used to assist an organization in complying with IEC 62443, and IEC 62351.
HERCULES SecDevice comes as a hybrid of hardware and software that utilizes web-based interface as a method of operation, the portable design of HERCULES SecDevice eliminates the need for any installations, users only need to have a simple setup consisting of a PC/laptop, SecDevice, and test targets, all connected using ethernet cables, to perform a test. Should the tester require the test target to be restarted, HERCULES SecDevice also comes with a power switch to restart the test target.


Browse Award Nominations