Advanced software vulnerability scanning for legacy code bases
Application Security Testing
With the increasing rate of security breaches, it is clear that conventional software development practices are insufficient to defend our privacy, financial information and corporate/government data. The costs and damages of exploited software have also escalated as nation-states and organized crime have increased their focus on exploiting software vulnerabilities. Malicious insiders, who may inject malware and other threats into the software supply chain, represent a serious problem for both government and commercial enterprises. Today's applications need to be built more securely at the code level, and that code needs to be tested regularly for risk assessment using a structured review method.

CodeValor™ simplifies this critical process. Sentar created CodeValor™ to make it much easier to test the security of your application(s) regularly and to provide consistent metrics and a centralized means to manage the process. CodeValor™ is a low-cost, high-performance array of open source and proprietary software security testing tools that produce comprehensive results, simplifying vulnerability remediation.
During the build of the client's most comprehensive modeling simulation, there was a requirement for high-level assurance of the security of the code.
Why choose CodeValor™?
- CodeValor™ leads the class in static code scanning, especially with the first-ever ability to assess Fortran code.
- Aggregates Sentar-developed scanners and multiple best-of-class open source scanners into one consolidated scan. Supported languages and scanners include:
  - FORTRAN source code
  - Java source code
  - Java bytecode
  - Ruby on Rails
  - Phrase Watcher (scans all file types for words and phrases to detect leakage of sensitive information in classified environments)
- CodeValor™ combines multiple scan results and integrates them into a single normalized risk score.
- CodeValor™ can display and resolve findings based on risk score and CWE.
- An emerging Symbolic Execution capability uses the CWE construct for vulnerability identification. Symbolic Execution allows every possible code path to be mathematically verified for vulnerabilities.