SecurityPrismcode-analyzers-codeprism

Source Code Vulnerability Inspection

SecurityPrism¢ç provides the capability to ensure secure application in the early stage of development lifecycle. It allows developers and QA to avoid programming patterns which hackers would attack. Enterprise can reduce business risks by proactively responding to application security problems.

Overview

SecurityPrism¢ç automatically checks your source code based on pre-defined rules about security vulnerabilities. Without configuring compiler environment or running programs, it exactly locates code lines which violate the pre-defined rules.

It allows QA team to check source code¡¯s vulnerabilities. Developer can inspect their own source codes on PC with communication to the central server.

security-static-analysis-tools_securityprism

Key Features

SecurityPrism's Key Features
Vulnerability patterns It provides vulnerability patterns database based on international standards such as CWE, OWASP etc.
Secure coding guideline It provides secure coding examples and vulnerable coding examples. You would get information on what you were wrong and how to fix it.
Detecting vulnerabilities in source code It detects vulnerable source codes and you can immediately drill down to the source code line.
Automatic updating rules It allows developers to update rules automatically based on centralized rule management.
Rule Description Language It allows you to create new rules with GTOne¡¯s advanced script language.
* It supports diverse languages such as Java/JSP(Eclipse plug-in), C etc.

Benefits

SecurityPrism's Benefits
Reduce security risks

According to Gartner report (The Ratio of Hacking and Security Incident), 75% of hackers¡¯ attacks occurred at application level, not the network or server level.

By a research (U.S Department of Defense), there are 1% of vulnerable and insecure codes per each 1,000 LOC.

Tremendous cost caused by security incident is reduced significantly through pre-detection of security vulnerability in the early stage.

Lower costs

Checking source code with manual ways requires experienced security experts and is time consuming task.

SecurityPrism¢ç can save your time and cost by providing secure coding guideline and automatic detection of vulnerable source codes.

Differentiators

SecurityPrism's Differentiators
Patent technology for Vulnerability Detection SecurityPrism¢çuses unique patent technologies called Rule Description Language For Software Vulnerability Detection and Program Analysis Method Based On Cluster.
Easy to use Unlike other solutions, SecurityPrism¢ç doesn¡¯t require complex environment setting for compilers. It just requires source files.
Seamless integration SecurityPrism¢ç shares single technology platform with other GTOne¡¯s application governance solutions. It means you would facilitate multiple dimensions of static analysis (impact analysis, code quality and security vulnerability) in a single environment.
CWE Compliance

SecurityPrism¢ç's advanced static analysis engine automatically detects over 150 types of security vulnerabilities in your code, allowing you to accurately reduce risks of security breaches.

GTOne's SecurityPrism¢ç is certified as CWE-Compatabile and static analysis tool that available for CWE compliance.

CWE(Common Weakness Enumeration) is an international standard list of software weaknesses and security vulnerabilities. Please see here to find how SecurityPrism's inspection rules correlated with CWE identifiers.

Customers

  • Korea Post bank
  • Hana Capital
  • Kyobo Life Insurance
  • JB Woori Capital
  • Heungkuk Life Insurance
  • Heungkuk Fire & Marine Insurance
  • Hanwha Life
  • Hanwha General Insurance
  • Dongbu Life Insurance
  • Samsung Securities
  • Hyundai Card
  • Hyundai Capital
  • Hyundai Commercial
  • Ministry Of The Interior
  • Korea Internet & Security Agency
  • Korea Federation Of Credit Guarantee Foundations
  • Korea National Police Agency
  • Republic Of Korea Army
  • National Pension Service
  • National Pension Fund Investment Office
  • Gangwon Province
  • Korea Veterans Health Service
  • National Disaster Management Institute
  • EPIS
  • Korea Press Foundation
  • Financial Supervisory Service
  • Public Procurement Service
  • Korea Post (Office Of Postal Service)
  • The Armed Forces Financial Management Corps
  • Korea Basic Science Institute
  • Korea Student AID Foundation
  • Ministry Of Health & Welfare
  • Korea Housing & Urban Guarantee
  • Ministry of Public Safety and Security
  • Korea Rural Community Corporation
  • Korea Meteorological Administration
  • Prime Minister¡¯s Office
  • Public Procurement Service
  • IGLOO Security
  • tsis
  • t-broad
  • KCA
  • China Mobile
  • Chongqing Rural Commercial
  • Bank Of Chongqing Co., Ltd
  • etc...
  •  
  •