SolaredAPPscreener consists of a reporting system and an analysis system, each of which includes several functional modules.
- Provides recommendations in an easy-to-understand format for both the information security (IS) team and software developers:
  - Reports in IS format provide detailed recommendations for eliminating vulnerabilities, together with a description of how each one can be exploited. This format also contains detailed recommendations for configuring protection and monitoring tools; these are useful when exploitation of a vulnerability has to be blocked before the code is fixed;
  - Reports for developers contain detailed descriptions of vulnerabilities, references to the code sections that contain them, and recommendations for eliminating them by changing the code;
- Constantly updated databases of vulnerability signatures and detailed recommendations for eliminating them;
- Ability to export reports in different formats.
The mechanisms of the SolaredAPPscreener analysis system include several functional modules.
Code Analysis Technologies
SolaredAPPscreener is based on two technologies:
- Decompilation, that is, reverse engineering of source code from executable files;
- Source code analysis technology, which includes lexical and semantic analysis modules.
Enterprise module
This module is currently in production use and implements the following functionality:
- Analysis of applications written in Java and Scala and for the iOS and Android platforms using static analysis, including when source code is not available;
Fuzzy Logic Engine
This module is required to minimize the number of false positives and false negatives in the analysed code. It is implemented using the mathematical apparatus of fuzzy logic and is the technological know-how of Solar Security. The parameters of the module's filters are defined by a knowledge base that is constantly updated with the results of completed projects. The number of false positives and false negatives is one of the key parameters of a code scanner, so technological modernization of this module is an important priority in product development.
SolaredAPPscreener integration possibilities
The SolaredAPPscreener solution has broad capabilities for integration:
- Integration with the development repository. Code for analysis is loaded directly from the repository, so there is no need to upload source code files each time;
- Integration with Service Desk. When a vulnerability is detected, the information security specialist can not only eliminate it with the help of their own department, but can also, in a few clicks, open a case so that other departments implement the issued recommendations; for example, recommendations for administrators to create the appropriate rules in the WAF or SIEM;
- Integration into continuous integration (CI) and secure development lifecycle (SDLC) processes;
- Integration with Solar inView. The results of inCode operation are integrated into the structure of inView reports and metrics.