To ensure accurate risk severity, Security Reviewer Suite correlates the results from across its multiple analyzers: SAST, DAST, MAST, Software Composition Analysis, Firmware Analysis and Vulnerability Management. This provides an accurate picture of your Application's security and ensures development is addressing the most significant issues first.

Security Reviewer identifies the Root Cause of the problem - not just the symptom, providing line-of-code level details for more than 1100 validation rules for 40+ programming languages, compliant with the best international standards like OWASP 2021, Mobile OWASP 2016, CWE, PCI-DSS, WASC and more.

We do not offer Consultancy Services directly to Customers. Beware of false Security Reviewer 'experts'. To ensure Project's success, we offer a Certification Program mandatory for every Consultancy Firm using our Products in a Consultancy Project at Customer's site.

bug_report

Application Inspection

Our tools provide root-cause identification of vulnerabilities in source code and libraries. Static Reviewer and SCA Reviewer are guided by the largest and most comprehensive set of secure coding rules and support a wide array of languages, platforms, build environments and IDE. Compliant with: OWASP, CWE, CVE, CVSS, MISRA, CERT.

remove_red_eye

Dynamic Analysis

Dynamic Reviewer is an hybrid solution. You can inspect your web application during running, during the Development Lifecycle. Its special PenTest features, allowing to explore vulnerabilities in your Web Applications.

widgets

Firmware Analysis

Firmware Reviewer provides in-depth firmware analysis (binaries, file systems, containers, virtual machines, IoT, UEFI, Appliances, Network Devices, Smart Meters, Surveillance devices, Drones, etc.), allowing to explore vulnerabilities at the same time to keeping the software securely in your own hands. No need of related physical device. Firmware analysis is a tough challenge with a lot of tasks. Many of these tasks can be automated (either with new approaches or incorporation of existing tools) so that a security analyst can focus on his main task: Analyzing the firmware (and finding vulnerabilities).

smartphone

Mobile

Mobile Reviewer is built on the software-as-a-service (SaaS) model, enabling enterprises to get on-demand security assessments of their Mobile Apps. Mobile Reviewer frees enterprises from having to spend resources on the purchase of software or Mobile device simulators, on hiring software security experts and consultants to operate it, and on constant maintenance to keep effective. With Mobile Reviewer, enterprises simply submit Apps through an online platform and quickly get back test results.

dashboard

Centralized Dashboard

Team Reviewer It has the ability to maintain its own repository of internally managed vulnerabilities (findings). Oracle, MySQL, MariaDB or PostgreSQL can be used for storing data, accessible from web browser and REST API. This private repository behaves identical to other sources of vulnerability intelligence such as the OSS Index, VulnDB, NVD, etc. Team Reviewer provides a unified interface for accessing all results from Security Reviewer tools.

low_priority

Forget about False Positives

Our Rule Engine with its internal multi-threaded, optimized state machine based on Dynamic Syntax Tree, is the fastest in the market. It does not need any internal or external DBMS to run, and it is fully extensible via XML. Its unique capability to reconstruct an intended layering, makes it an invaluable tool for discovering the architecture of a vulnerability that has been injected in the source code, with very rare cases of False Positivies.

settings

Nothing left Uncovered

Supported Programming Languages: C#, Vb.NET, VB6, ASP, ASPX, JAVA, JSP, JavaScript, TypeScript, eScript, Java Server Faces, Ruby, Python, R, GO, Kotlin, Clojure (** Updated), Groovy, PowerShell, HTML5, XML, XPath, JSON, C, C++, PHP, SCALA, Rust, IBM Streams SPL, APEX (** Updated), Objective-C, Objective-C++, SWIFT, LUA (** Updated), Perl (** Updated), COBOL, ABAP, SAP-HANA, UiPath, Appian, Dockerfile Security, Kubernetes misconfigurations, Ansible Tasks, Terraform, CloudFormation, Microsoft Azure, Google Cloud, Amazon AWS, Oracle Cloud, PL/SQL, T/SQL, U-SQL, Teradata SQL, SAS-SQL, ANSI SQL, IBM DB2, IBM Informix, MySQL, FireBird, PostGreSQL, SQLite, MongoDB.

exposure

Estimate your Effort

Our Effort Estimation solution provides fully configurable OMG Automated Function Points (AFP) and NESMA FPA (ISO 24570:2018) functionalities are provided as well as a modern software sizing algorithm called Average Programmer Profile Weights (APPW © 2009 by Logical Solutions), a successor to solid ancestor scientific methods as COCOMO, REVIC, COSMIC-FFP and Backfired Function Points, that are also provided applying Motorola© six-Sigma methodology, QSM© and Capers Jones (SRM©) algorithms.

network_check

All you need is Quality

Software Security + Software Quality = Software Integrity. Quality Reviewer evaluates regressions and understands changes in the source code using automated Software Metrics visualization (SW complexity, size and structure Metrics, Halstead Metrics, Chidamber & Kemerer, Mood, QMood, Cognitive Metrics), as well as Effort Estimation and reporting features. It helps to keep code entropy under control, be it in house development or outsourced maintenance projects.

call_made

SQALE Dashboard

Security Reviewer is an Official SQALE tool. SQALE is a methodology for reporting Security, Quality, Dead Code and Best practices as well as Technical Debt in a unique Dashboard. Technical Debt is the estimated man-time that would take to fix the issues. Rules and formulas can be created and customized to better match your teams' needs and habits. Nowadays, the Technical-Debt metaphor has been widely adopted by the software industry, standardized by ISO 9126 and ISO 25010.

autorenew

Continuous Integration

Security Reviewer provides seamless bi-directional integration with existing lifecycle tools to make Static Analysis a natural part of your SDLC process, including market-leading CI/CD (Jenkins, CloudBees, Azure DevOps, GitLab CI/CD, Concourse-ci and Atlassian Bamboo among the others), popular IDEs (Eclipse, Visual Studio, IBM Rational Team Concert, NetBeans, Intellij IDEA, etc.), Source Control Management (SCM), ITSM, Bug Tracking, Build Systems and Application Lifecycle Management (ALM) solutions. Surface and remediate defects directly from within your Pipeline

developer_board

Flexible Deployment Model

Security Reviewer realises that to gain acceptance within enterprise class IT organizations, deployment models must respect official policies. The external server model sometimes provokes resistance as well as old-fashioned desktop apps. In response to such concerns Security Reviewer has a ‘Hybrid’ deployment strategy, which converts Security Reviewer into a flexible toolset that can adhere to any corporate deployment model. With Team Reviewer, REST API are available and built on a set of services according to the Service-Oriented Architecture concept and allows different Security Reviewer user spaces to be hosted independently of each other and to support very large scale deployments. Your source code will never leave your desktop. Upload is based on AES-256 encryption through a Secure Channel.

library_books

Software Composition Analysis

96.8% of developers rely on open source components. Security Reviewer SCA analyzes all dependencies of your application on 3rd-party libraries and discovers: Outdated Libraries, Blacklisted Library, Discontinued Libraries, Vulnerable Libraries (OWASP A9 - Avoid Using known vulnerable Components), Vulnerable Frameworks, Blacklisted Licenses, License Conflicts, Suspicious Licenses, Poor Man Copyrights, SPDX Bill Of Materials, etc. publishing results to a bunch of Dashboards, like OWASP Dependency Track, ThreadFix, SonarQube, CodeDx, Micro Focus Fortify SSC, Kenna Security or directly inside your preferred CI/CD platform, like Jenkins, CloudBees, Azure DevOps, Concourse-ci, GitLab CI/CD or Atlassian Bamboo. It supports the larger list of programming languages in the market. Further, Security Reviewer SCA fully integrates with JFrog Artifactory, Sonatype Nexus Pro and OSS Index.

dashboard

Container Security

Containers are becoming the standard form in which applications are packaged and executed, so the need to protect not only the application itself but the entire Container against open source vulnerabilities is growing. With its unique developer-first approach, our solution will seamlessly integrate with the various development and runtime platforms throughout the SDLC – providing Deep Container Analysis, automated vulnerability remediation, thanks to our leading vulnerability database. Support for: Docker, Kubernetes, OpenShift, MesoSphere/D2IQ, Rancher, Quay, Singularity, Pivotal CF and any container compliant to APPC specifications. Developers can do continuous vulnerability detection and remediation in the DevOps pipeline by deploying our plugins for CI/CD tools, or via REST APIs

In a rapidly changing threat environment, Security Reviewer‘s core technology and its DevOps integrations have given us the flexibility to conduct rapid code review cycles, which is an obvious benefit for our projects.

Goverment Institution M.R. | IT Dept.

Very easy to insert the tool in our DevOps because there are a wide variety of ways to access the source-code, initiate scans, and review the results. The projects need not care about getting a tool, and it is cheaper using it.

BitBrainery I.V. | IT Dept. (UK)

We use it to assess or do security inspections of our software. We have a very large portfolio of software across our enterprise. The platform scales with the dynamics of our organization, with people in many locations.

Telco M.L. | NSS Dept.

Trusted by

SystemIntegrators

Recognized by

OWASP   NIST   AgileAlliance   SQALE

Certifications

CWE COMPATIBLE   ORACLE Linux Ready   RedHat Certified   SUSE Ready   Powered by AWS

Industry standards

Industry Standards