Find App Vulnerabilities before Hackers do

To ensure accurate risk severity, Security Reviewer Suite correlates the results from across its multiple analyzers (Static, Dynamic and Binary). This provides an accurate picture of your Application's security and ensures development is addressing the most significant issues first.

Security Reviewer identifies the root cause of the problem - not just the symptom, providing line-of-code level details for more than 1100 validation rules for 40+ programming languages, compliant with the best international standards like OWASP 2017, Mobile OWASP 2016, CWE, PCI-DSS 3.2 and more.

bug_report

Application Inspection

It provides root-cause identification of vulnerabilities in source code and libraries. Security Reviewer is guided by the largest and most comprehensive set of secure coding rules and supports a wide array of languages, platforms, build environments and integrated development environments (IDEs). Compliant with: OWASP, CWE, CVE, CVSS, MISRA, CERT.

remove_red_eye

Dynamic Analysis

Dynamic Reviewer is an hybrid solution. You can inspect your web application during running, during the Development Lifecycle. Its special PenTest features, allowing to explore vulnerabilities in your Web Applications.

widgets

Binary Analysis

Binary Reviewer allows to explore vulnerabilities in the binary code at the same time to keeping the software securely in your own hands, at your premises. Binary Reviewer streaming based architecture allows direct feedback and processing of analysis results with little overhead and high performance. The trick is that Binary Reviewer can combine dynamic and static data in order to enrich its analysis results using e.g. data flow tracking.

smartphone

Mobile

Mobile Reviewer is built on the software-as-a-service (SaaS) model, enabling enterprises to get on-demand security assessments of their Mobile Apps. Mobile Reviewer frees enterprises from having to spend resources on the purchase of software or Mobile device simulators, on hiring software security experts and consultants to operate it, and on constant maintenance to keep effective. With Mobile Reviewer, enterprises simply submit Apps through an online platform and quickly get back test results.

low_priority

Forget about False Positives

Our Rule Engine with its internal multi-threaded, optimized state machine based on Dynamic Syntax Tree, is the fastest in the market. It does not need any internal or external DBMS to run, and it is fully extensible via XML. Its unique capability to reconstruct an intended layering, makes it an invaluable tool for discovering the architecture of a vulnerability that has been injected in the source code, with very rare cases of False Positivies.

settings

Nothing left Uncovered

Supported Programming Languages: C#, Vb.NET, VB6, ASP, ASPX, JAVA, JSP, JavaScript, TypeScript, Java Server Faces, Ruby, Python, R, GO, Kotlin, Groovy, Flex, ActionScript, PowerShell, LUA, HTML5, XML, XPath, JSON, C, C++, PHP, SCALA, Objective-C, Objective-C++, SWIFT, COBOL, JCL, RPG, PL/I, ABAP, SAP-HANA, PL/SQL, T/SQL, U-SQL, Teradata SQL, SAS-SQL, ANSI SQL, IBM DB2, IBM Informix, MySQL, FireBird, PostGreSQL, SQLite, MongoDB.

exposure

Estimate your Effort

Fully configurable OMG Automated Function Points and NESMA FPA (ISO 24570:2018) functionalities are provided as well as a modern software sizing algorithm called Weighted Micro Function Points (WMFP©2009 by Logical Solutions), a successor to solid ancestor scientific methods as COCOMO, REVIC, COSMIC-FFP and Backfired Function Points, that are also provided applying Motorola© six-Sigma methodology, QSM© and Capers Jones algorithms.

network_check

All you need is Quality

Software Security + Software Quality = Software Integrity. Quality Reviewer evaluates regressions and understands changes in the source code using automated Software Metrics visualization (SW complexity, size and structure Metrics, Halstead Metrics, Chidamber & Kemerer, Mood, QMood, Cognitive Metrics), as well as Effort Estimation and reporting features. It helps to keep code entropy under control, be it in house development or outsourced maintenance projects.

call_made

SQALE Dashboard

Security Reviewer is an Official SQALE tool. SQALE is a methodology for reporting Security, Quality, Dead Code and Best practices as well as Technical Debt in a unique Dashboard. Technical Debt is the estimated man-time that would take to fix the issues. Rules and formulas can be created and customized to better match your teams' needs and habits. Nowadays, the Technical-Debt metaphor has been widely adopted by the software industry, standardized by ISO 9126 and ISO 25010.

autorenew

Continuous Integration

Security Reviewer provides seamless bi-directional integration with existing lifecycle tools to make Static Analysis a natural part of the SDLC process, including market-leading IDEs, Source Control Management (SCM), Code Coverage, Bug Tracking, Build and Continuous Integration, and Application Lifecycle Management (ALM) solutions. Surface and remediate defects from within the Eclipse, Visual Studio or IBM Rational Team Concert IDE.

developer_board

Flexible Deployment Model

Security Reviewer realises that to gain acceptance within enterprise class IT organizations, deployment models must respect official policies. The external server model sometimes provokes resistance as well as old-fashioned desktop apps. In response to such concerns Security Reviewer has a ‘Hybrid’ deployment strategy, which converts Security Reviewer into a flexible toolset that can adhere to any corporate deployment model. You have REST API ed., Continuous Integration ed., Server ed., Developer ed., Desktop ed. and SR Connect. The last is the hybrid one. SR Connect is built on a set of services according to the Service-Oriented Architecture concept and allows different Security Reviewer user spaces to be hosted independently of each other and to support very large scale deployments. Your source code will never leave your desktop. Reporting is bases on AES-256 encryption through a Secure Channel.

library_books

Software Composition Analysis

96.8% of developers rely on open source components. Security Reviewer SCA analyzes all dependencies of your application on 3rd-party libraries and discovers: Outdated Libraries, Blacklisted Library, Discontinued Libraries, Vulnerable Libraries (OWASP A9 - Avoid Using known vulnerable Components), Vulnerable Frameworks, Blacklisted Licenses, License Conflicts, Suspicious Licenses, Poor Man Copyrights, SPDX Bill Of Materials, etc. publishing results to a bunch of Dashboards, like OWASP Dependency Track, ThreadFix, Sonarqube, CodeDx, Micro Focus Fortify SSC, Kenna Security or directly inside your preferred CI/CD platform, like Jenkins or Bamboo. It supports the larger list of programming languages in the market. Further, Security Reviewer SCA fully integrates with JFrog Artifactory, Sonatype Nexus Pro and OSS Index.

dashboard

Container Security

Containers are becoming the standard form in which applications are packaged and executed, so the need to protect not only the application itself but the entire Container against open source vulnerabilities is growing. With its unique developer-first approach, our solution will seamlessly integrate with the various development and runtime platforms throughout the SDLC – providing Deep Container Analysis, automated vulnerability remediation, thanks to our leading vulnerability database. Support for: Docker, Kubernetes, OpenShift, MesoSphere, Rancher, Quay, Singularity, Pivotal CF and any container compliant to APPC specifications. Developers can do continuous vulnerability detection and remediation in the DevOps pipeline by deploying our plugins for CI/CD tools like Jenkins or Bamboo, or via REST APIs