• Automated static code analysis has always been faster, and has provided better coverage, than a manual review.
• Static analysis tools are effective at finding common security bugs; however, they are ineffective at finding business logic vulnerabilities or complex data leakage vulnerabilities.
• SAST solutions traditionally have not been able to identify complex business logic vulnerabilities because these are specific to the application and/or the business. This has long been considered the biggest limitation of these tools.
 
 
ShiftLeft makes it much easier to find such complex vulnerabilities. You may be wondering how that is even possible.
• Their approach is built on a novel representation of source code called a code property graph.
• This graph combines the properties of abstract syntax trees, control flow graphs and program dependence graphs in a single joint data structure.
• This comprehensive view of the code lets ShiftLeft model templates for common vulnerabilities elegantly as graph traversals; an authorization bypass template, for example, looks for flows in which authentication happens but no authorization check follows.
• ShiftLeft’s Code Property Graph can map end-to-end flows within an application and help find the conditions in the source code that lead to a logic-flow bypass, such as an authorization bypass.
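To make the idea of a vulnerability template as a graph traversal concrete, the following is an added illustration, not ShiftLeft's code or its query language: a toy code property graph whose node kinds (authn_check, authz_check, privileged_call) and edge types (AST, CFG) are assumed labels chosen for this example, plus a traversal that flags every control-flow path reaching a privileged call after an authentication check but without any authorization check. The handler it analyses is a constructed sample.

```python
from collections import defaultdict

class CPG:
    """Minimal code property graph: typed nodes joined by typed edges."""
    def __init__(self):
        self.nodes, self.edges = {}, defaultdict(list)
    def add_node(self, nid, kind, label):
        self.nodes[nid] = {"kind": kind, "label": label}
    def add_edge(self, src, dst, etype):
        self.edges[(src, etype)].append(dst)

def authz_bypass_paths(cpg, entry):
    """Follow CFG edges from entry; report each path that reaches a privileged
    call after an authn check but without any authz check along the way."""
    findings, seen = [], set()
    stack = [(entry, False, False, [entry])]
    while stack:
        nid, authn, authz, path = stack.pop()
        kind = cpg.nodes[nid]["kind"]
        authn = authn or kind == "authn_check"
        authz = authz or kind == "authz_check"
        if (nid, authn, authz) in seen:        # avoid re-walking loops
            continue
        seen.add((nid, authn, authz))
        if kind == "privileged_call" and authn and not authz:
            findings.append([cpg.nodes[n]["label"] for n in path])
        for nxt in cpg.edges.get((nid, "CFG"), []):
            stack.append((nxt, authn, authz, path + [nxt]))
    return findings

def build_sample():
    """Constructed handler: a login check, then two branches, only one of
    which performs a role check before its privileged call."""
    g = CPG()
    g.add_node("h", "method", "handleRequest()")
    for nid, kind, label in [
        ("login", "authn_check", "if (!session.isLoggedIn()) return 401"),
        ("branch", "condition", "if (action == 'delete')"),
        ("admin", "authz_check", "if (!user.hasRole('ADMIN')) return 403"),
        ("delete", "privileged_call", "userService.delete(targetId)"),
        ("export", "privileged_call", "reportService.exportAll()"),
    ]:
        g.add_node(nid, kind, label)
        g.add_edge("h", nid, "AST")            # statement belongs to the method
    for src, dst in [("h", "login"), ("login", "branch"), ("branch", "admin"),
                     ("admin", "delete"), ("branch", "export")]:
        g.add_edge(src, dst, "CFG")            # the export branch skips the role check
    return g
```

Running `authz_bypass_paths(build_sample(), "h")` reports only the path ending in `reportService.exportAll()`; the delete path is not reported because it passes the role check first.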
 
 
To know more, please listen to this webinar on Finding Business Logic Flaws, Data Leakage and Hard-Coded Secrets in Development.
 
For more information, please contact:
Mayank Verma | Manager - Consulting Services | M: +971 55 185 0807 | E: [email protected]
securelinkme.net
UAE | KSA | KUWAIT | QATAR | BAHRAIN | OMAN | EGYPT | PAKISTAN | JORDAN | MOROCCO | TURKEY | SOUTH AFRICA | NIGERIA