Advanced software vulnerability scanning for legacy code bases
Application Security Testing
With the increasing rate of security breaches, it is clear that conventional software development practices are insufficient in defending our privacy, financial information and corporate/government data. The costs and damages of exploited software have also escalated as nation states and organized crime have increased their focus on exploiting software vulnerabilities. Malicious insiders, who may inject malware and other threats within the software supply chain, represent a serious problem for both the government and commercial enterprises. Today’s applications need to be built more securely at the code level, and that code needs to be regularly tested for risk assessment using a structured review method.

veriScan simplifies this critical process. Sentar created veriScan to make it much easier to regularly test the security of your application(s) and to provide consistent metrics and a centralized means to manage the process. veriScan is a low-cost, high-performance array of open source and proprietary software security testing tools that produce comprehensive results for simplifying vulnerability remediation.
Subject: VeriScan The Challenge: During the build of the Objective Simulation Framework (OSF), the client’s most comprehensive modeling simulation, there was a requirement for a
Why choose veriScan?
- VeriScan leads the class in static code scanning, especially with the first-ever ability to assess Fortran code.
- Aggregates Sentar-developed scanners and multiple Best-of-Class Open Source Scanners into one consolidated scan. Supported languages include:
  - FORTRAN Source Code
  - Java Source Code
  - Java bytecode
  - Ruby on Rails
  - Phrase Watcher (scans all file types for words and phrases to detect leakage of sensitive information for classified environments)
- VeriScan combines multiple scan results and integrates them into a normalized risk score.
- VeriScan has the ability to display and resolve findings based on risk score and CWE.
- Emerging Symbolic Execution capability uses the CWE construct for vulnerability identification. Symbolic Execution allows every possible code path to be mathematically verified for vulnerabilities.
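To make the consolidated-scan idea concrete (several scanners with different severity scales merged into one result set, a normalized risk score, and findings grouped by CWE, with a phrase-watcher style keyword scan as one more input), here is an added Python example. It is not veriScan's or Sentar's code: the scanner names, severity scales, the 70/30 weighting formula, the dedup rule and every sample finding and file are constructed assumptions for illustration only.

```python
"""Consolidate findings from several scanners into one normalized risk score.

Added illustration, not veriScan code. Tool names, severity scales, weighting
and all sample data below are constructed for the example.
"""
from collections import defaultdict
from dataclasses import dataclass
import re


@dataclass(frozen=True)
class Finding:
    tool: str       # which scanner reported it (hypothetical tool names)
    cwe: str        # CWE identifier, e.g. "CWE-89"
    severity: str   # severity on the reporting tool's own scale
    file: str
    line: int


# Each tool reports on its own scale; map every scale onto a common 0..10 scale.
SEVERITY_SCALES = {
    "fortran-scanner":       {"LOW": 2.0, "MEDIUM": 5.0, "HIGH": 8.0, "CRITICAL": 10.0},
    "java-source-scanner":   {"LOW": 3.0, "MEDIUM": 6.0, "HIGH": 9.0},
    "java-bytecode-scanner": {"1": 2.5, "2": 5.0, "3": 7.5, "4": 10.0},
    "phrase-watcher":        {"hit": 7.0},
}


def normalize(finding):
    """Return the finding's severity on the common 0..10 scale."""
    return SEVERITY_SCALES[finding.tool][finding.severity]


def phrase_watch(files, phrases):
    """Scan file contents of any type for sensitive phrases (case-insensitive).
    Each matching line becomes a CWE-200 (information exposure) finding."""
    pattern = re.compile("|".join(re.escape(p) for p in phrases), re.IGNORECASE)
    hits = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), start=1):
            if pattern.search(line):
                hits.append(Finding("phrase-watcher", "CWE-200", "hit", path, lineno))
    return hits


def consolidate(findings):
    """Merge findings from all tools. The same CWE at the same file and line
    reported by two tools counts once, at the higher normalized severity."""
    merged = {}
    for f in findings:
        key = (f.cwe, f.file, f.line)
        score = normalize(f)
        if key not in merged:
            merged[key] = {"score": score, "tools": {f.tool}}
        else:
            merged[key]["score"] = max(merged[key]["score"], score)
            merged[key]["tools"].add(f.tool)
    return merged


def risk_score(merged):
    """Normalized 0..100 score: 70% weight on the worst finding, 30% on the mean."""
    if not merged:
        return 0.0
    scores = [m["score"] for m in merged.values()]
    return 7 * max(scores) + 3 * (sum(scores) / len(scores))


def by_cwe(merged):
    """Group consolidated findings by CWE, worst group first, for triage display."""
    groups = defaultdict(list)
    for (cwe, path, line), m in merged.items():
        groups[cwe].append((m["score"], path, line, sorted(m["tools"])))
    return sorted(groups.items(), key=lambda kv: -max(s for s, *_ in kv[1]))


# Constructed sample scanner output (not real scan results).
SAMPLE_FINDINGS = [
    Finding("fortran-scanner", "CWE-120", "HIGH", "sim/solver.f90", 42),
    Finding("fortran-scanner", "CWE-120", "LOW", "sim/io.f90", 8),
    Finding("java-source-scanner", "CWE-89", "HIGH", "app/Query.java", 17),
    Finding("java-bytecode-scanner", "CWE-89", "4", "app/Query.java", 17),
]
# Constructed file contents for the phrase watcher.
SAMPLE_FILES = {
    "docs/notes.txt": "Budget figures are PROPRIETARY - do not release\n",
    "sim/main.f90": "      program main\n      end program main\n",
}
SENSITIVE_PHRASES = ["proprietary", "do not distribute"]


def run_sample():
    """Run the whole pipeline on the constructed data."""
    merged = consolidate(SAMPLE_FINDINGS + phrase_watch(SAMPLE_FILES, SENSITIVE_PHRASES))
    return merged, risk_score(merged), by_cwe(merged)


if __name__ == "__main__":
    merged, score, groups = run_sample()
    print(f"normalized risk score: {score:.1f}/100")
    for cwe, items in groups:
        print(cwe)
        for s, path, line, tools in sorted(items, reverse=True):
            print(f"  {s:4.1f}  {path}:{line}  ({', '.join(tools)})")
```

The dedup key (CWE, file, line) is what lets a source scanner and a bytecode scanner agreeing on the same weakness count once rather than twice; the score formula is deliberately simple so that one critical finding cannot be hidden by many trivial ones.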