SecurityPrism
Source Code Vulnerability Inspection Solution
SecurityPrism¢ç provides the capability to ensure secure application in the early stage of development lifecycle. It allows developers and QA to avoid programming patterns which hackers would attack. Enterprise can reduce business risks by proactively responding to application security problems.
Overview
SecurityPrism¢ç automatically checks your source code based on pre-defined rules about security vulnerabilities. Without configuring compiler environment or running programs, it exactly locates code lines which violate the pre-defined rules.
It allows QA team to check source code¡¯s vulnerabilities. Developer can inspect their own source codes on PC with communication to the central server.
Key Features
| Vulnerability patterns | It provides vulnerability patterns database based on international standards such as CWE, OWASP etc. |
| Secure coding guideline | It provides secure coding examples and vulnerable coding examples. You would get information on what you were wrong and how to fix it. |
| Detecting vulnerabilities in source code | It detects vulnerable source codes and you can immediately drill down to the source code line. |
| Automatic updating rules | It allows developers to update rules automatically based on centralized rule management. |
| Rule Description Language | It allows you to create new rules with GTOne¡¯s advanced script language. |
* It supports diverse languages such as Java/JSP(Eclipse plug-in), C etc.
Benefits
| Reduce security risks | According to Gartner report (The Ratio of Hacking and Security Incident), 75% of hackers¡¯ attacks occurred at application level, not the network or server level. By a research (U.S Department of Defense), there are 1% of vulnerable and insecure codes per each 1,000 LOC. Tremendous cost caused by security incident is reduced significantly through pre-detection of security vulnerability in the early stage. |
| Lower costs | Checking source code with manual ways requires experienced security experts and is time consuming task. SecurityPrism¢ç can save your time and cost by providing secure coding guideline and automatic detection of vulnerable source codes. |
Differentiators
| Patent technology for Vulnerability Detection | SecurityPrism¢çuses unique patent technologies called Rule Description Language For Software Vulnerability Detection and Program Analysis Method Based On Cluster. |
| Easy to use | Unlike other solutions, SecurityPrism¢ç doesn¡¯t require complex environment setting for compilers. It just requires source files. |
| Seamless integration | SecurityPrism¢ç shares single technology platform with other GTOne¡¯s application governance solutions. It means you would facilitate multiple dimensions of static analysis (impact analysis, code quality and security vulnerability) in a single environment. |
| CWE Compliance | SecurityPrism¢ç's advanced static analysis engine automatically detects over 150 types of security vulnerabilities in your code, allowing you to accurately reduce risks of security breaches. GTOne's SecurityPrism¢ç is certified as CWE-Compatabile and static analysis tool that available for CWE compliance. CWE(Common Weakness Enumeration) is an international standard list of software weaknesses and security vulnerabilities. Please see here to find how SecurityPrism's inspection rules correlated with CWE identifiers. |
Customers
- more...
