Saitech IT Solution adopts a static source code analysis platform that leverages third-generation software verification technologies to identify web application vulnerabilities throughout development. Our web-based solution provides automated, compiler-independent code analysis that models tainted data flow within the application. Reports pinpoint vulnerable code locations and offer prioritized remediation guidance, while integration facilitates immediate hot-fix remediation. Our service offers proactive and cost-effective remediation for vulnerable code, representing a low-cost, risk-free alternative to the common build-first, secure-later paradigm.
Proactive Vulnerability Remediation
Identifies vulnerable Web application source code throughout the application life cycle
Facilitates early, efficient and cost-effective vulnerability remediation
Detects vulnerabilities in ASP.NET, VB.NET, C#, Java/J2EE, JSP, EJB, PHP, Classic ASP and VBScript
Models Web application behavior and traces data flow from entry point to vulnerable file
Calculates outcome of tainted input propagation through the application
Scans source code non-intrusively with no impact on running applications
Integrates with code repository to enable automated code retrieval and analysis
Aligns secure coding efforts with development processes by integrating with IDE and code check-in
Third Generation Technology
Network appliance provides Web accessible role-based project and scan management interface
Built-in language parsers facilitate compiler-independent analysis and flexible deployment
Advanced formal verification algorithms and compiler-independence ensure fast and accurate vulnerability detection
Compiler-independent analysis engine requires only source code access; there is no build-integration requirement
Advanced Traceback feature traces tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
Precision and Coverage
Built-in language parsers analyze source code independent of build environment
Advanced formal verification algorithms and compiler-independence ensure extremely low false positive rates (<1%)
Advanced Traceback feature tracks tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
Interactive Web-based reports pinpoint vulnerable code locations
Advanced Reporting
Offers interactive analysis and reporting via Web interface
Includes detailed Traceback describing tainted data flow within application
Highlights vulnerable security-related entry points, functions, and classes
Prioritizes risk-based vulnerability remediation activities
Provides remediation guidance with detailed sample exploitation and remediation code
Automates customized technical and executive report distribution
Supports PDF, HTML and XML reports and WAF export integration