Skip to main content

March 2017


I was very pleased to accept this invitation to write for Sonae IM blog about the Caixa Empreender Award 2017 won by Here you can find out more about this award and its significance to Sonae IM in the words of Carlos Silva, but my mission is to use this text to further explain what we believe to be an innovative tool to find and manage security vulnerabilities in Web applications.

Our solution is an open SaaS (Software-as-a-Service) platform available on the cloud, which is able to search for and detect vulnerabilities in any online service. It can be used by a bank to improve the security of its online banking service, but it can also be used on a corporate website of a small, medium or large businesses. I believe this is a democratic solution that allows for an unmatched flexibility on the market.

Ever since the beginning, one of our major goals was to create something that an audience such as programmers could relate to, without the need for deeper knowledge in cybersecurity. Naturally, one of the toughest challenges was to find a way to present the content generated by our tests in a perceptible manner, as this type of report consists necessarily of quite technical and detailed information about vulnerabilities. We were pleased to find that the compromise we arrived to doesn’t require an interpretation by means of cybersecurity experts, which makes our solution, in addition to user-friendly, quite efficient in terms of costs.

One other aspect that is more technical and was – and still is! – very interesting to develop has to do with the elimination of false positives, a very thorough and ongoing effort through which we try to equip our solution with the ability to understand the semantics of what it is actually analysing. That can only be achieved through several different and complementary techniques, such as exploring vulnerabilities, in a safe and controlled manner, in order to confirm their existence.

I was also asked to say a few words about what will be the future of I believe I won’t be lying by saying that, in addition to wanting to grow quickly in our number of clients, we will continue to endeavour to improve the variety of vulnerabilities we are able to detect. We want programmers to see us as a reference to use in automated cybersecurity tests while developing their software.

Nuno Loureiro, CEO