Solared APPscreener

SolaredAPPscreener provides detailed recommendations and instructions on addressing any vulnerabilities by either (1) amending the source code or (2) using remedies available in SIEM, WAF and Firewall systems.


Description

SolaredAPPscreener consists of three functional elements:

  1. Analytics system
  2. Reporting system
  3. Fuzzy Logic Engine to process false positives

This structure makes SolaredAPPscreener a fast & efficient application security-testing tool that requires no lengthy setup or training.

SolaredAPPscreener is next-generation software for application security testing. Its convenient interface requires just a couple of clicks, since the intricate variety of algorithms and settings is automated as much as possible.

If the source code is available, the scanner easily integrates with software repositories. Otherwise, a working copy of the program can simply be uploaded to SolaredAPPscreener. Mobile software can be tested by merely copying the app's link from Google Play or the Apple App Store into the APPscreener menu.


SolaredAPPscreener Advantages

  • No need for source code to analyse applications
  • Test results are generated in the format of specific recommendations on addressing vulnerabilities
  • Detailed instructions are produced on setup procedures for SIEM, WAF, FW and NGFW security systems
  • Several code analysis technologies are employed to detect a greater number of Vulnerabilities
  • A user-friendly interface that enables scanning by just two mouse clicks
  • The product seamlessly integrates with the process of secure software development

Problems Addressed by SolaredAPPscreener

  • Web and mobile applications are available to external users; the IS department, while having no control over their security, is still held responsible for incidents
  • Lack of proper communication between the IS department and developers: the source code is not handed over to IS, or, at best, IS gets an archive that is almost impossible to sort out
  • Web application code errors take too long to fix
  • Data leaks owing to bugs intentionally built into the code by developers
  • Lack of control over the security of applications used by the company


Interesting facts

  • First product that analyzes applications without the source code using the “white box” method
  • The fuzzy logic engine reduces the number of false positives
  • A local and a cloud version are available
  • The development team includes three PhDs specializing in code decompilation
  • A user-friendly interface that enables scanning by just two mouse clicks

SolaredAPPscreener is an indispensable tool for any organization that

  • Provides online services to external users
  • Uses critical systems and applications developed in-house or by a third party
  • Requires strict control over in-house or third-party development, particularly because source codes are not available
  • Has the SDLC methodology in place, so data security processes play a role in code acceptance
  • Needs to meet standards and regulations regarding software code analysis


SolaredAPPscreener Main Features

SolaredAPPscreener is a static code analysis tool designed to identify information security vulnerabilities and undeclared features.


Static Code Analysis

SolaredAPPscreener allows analysis of source code written in the following languages: Java, Scala, Java for Android, PHP, Objective-C, C#, PL/SQL, JavaScript, Python 2, Python 3, Swift, T-SQL, C/C++, Visual Basic 6.0, Ruby.

Source code can be submitted for analysis either by uploading the source code files to the scanner directly or by pulling them straight from the repository.

If the source code is not available, you can upload the application's executable files to SolaredAPPscreener for testing, for both web applications and mobile applications. For mobile applications in particular, it is enough to copy the application URL from Google Play or the Apple App Store into the scanner. The application is then automatically downloaded, decompiled and checked.

Search of Undeclared Features

Searching for undeclared features is a non-trivial task even when performed manually under ideal conditions, that is, when source code, detailed documentation and plenty of time are available. SolaredAPPscreener provides a set of algorithms for the automatic search of undeclared features. These algorithms form our own knowledge base and are constantly updated. Of course, it cannot be claimed that the scanner is able to identify every undeclared feature in an application. But because the search algorithm is automated, the number of detected undeclared features will be sufficiently large.

When checking source code with the help of SolaredAPPscreener, the user is able to edit the vulnerability search rules and mark false positives. Through this training of the system, it is possible to create advanced mechanisms for detecting false positives, as well as to define new types of vulnerabilities and undeclared features.

Recommendations for Configuration of Imposed Protection Facilities

A significant portion of the applications that our customers check for vulnerabilities are web applications. These applications sit on the boundary of the protection perimeter and, as a rule, process important information that attracts intruders. The risks are great, yet in some cases developers propose an unacceptable timeframe for eliminating a vulnerability detected in the code, such as a few months. This may be due to a shortage of developers or to an objective need to make large architectural changes to the application code. A certain number of dangerous vulnerabilities can be covered by imposed protection facilities until the application code is corrected. To this end, SolaredAPPscreener implements functionality for generating detailed recommendations, with screenshots, for handling a number of vulnerabilities by means of imposed protection facilities. This functionality is implemented for many protection facilities, for example Imperva WAF, Cisco and Check Point.

Integration with Development Process

SolaredAPPscreener integrates with continuous integration (CI) systems, allowing a continuous quality control process to be established and reducing the time required for source code quality control. In addition, SolaredAPPscreener helps to automate the testing of new software builds and can be embedded in a secure development lifecycle (SDLC). The solution allows user access to the software to be partitioned, so that each developer can control the security level and the presence of errors only in their own part of a project.

User-Friendly Interface

The SolaredAPPscreener interface is very easy to use. It is based on lightweight user interaction logic that does not require deep technical knowledge to interpret the scan results. The solution can also be controlled via the command line console.

Reports

Along with the convenient presentation of results in the interface, SolaredAPPscreener provides flexible functionality for generating reports in .pdf and .html formats as well as in the Solar inView format. Reports are generated automatically, and their content can be edited by the user.