Runtime security analysis detects known open source vulnerabilities

25th July 2016
Daisy Stapley-Bunten

Synopsys has announced the version 3.8 release of its Seeker product, the company's innovative runtime security analysis solution and one of the latest additions to its Software Integrity Platform. Seeker analyses web application code and data flows at runtime using a technique known as Interactive Application Security Testing (IAST), which detects and confirms exploitable security vulnerabilities and provides actionable guidance that enables developers to address their root causes with ease.

The Seeker 3.8 release includes improvements to its security analysis, usability and technology support.

Most notably, Seeker 3.8 now has the ability to detect known vulnerabilities in web applications' open source and third-party software components through a turnkey integration with Synopsys' Protecode Supply Chain (SC) technology. Seeker 3.8 automatically scans target web application binaries and produces a list of the detected open source and third-party dependencies (also known as a software bill of materials), a list of known vulnerabilities affecting its components, and pertinent software license attributes. This feature provides coverage for 'A9 – Using Components with Known Vulnerabilities,' one of the OWASP Top 10 most critical web application security flaws.

"Modern web applications depend on an increasingly vast and complex supply chain of open source and third-party software components," said Andreas Kuehlmann, Senior Vice President and General Manager of Synopsys' Software Integrity Group. "There are thousands of known vulnerabilities that affect commonly used components, and they represent low-hanging fruit for attackers. Software composition analysis is an invaluable complement to Seeker's runtime security analysis as it provides a more comprehensive view of an applications' risk posture."

Seeker 3.8 includes several updates to improve its ease of use and ease of deployment, making it more flexible and easier to adopt across a variety of enterprise development and testing environments. This release also adds support for MongoDB and PHP 7, extending its utility to a wider range of web applications and services.

Synopsys will showcase Seeker 3.8 and the rest of its Software Integrity Platform at Black Hat USA 2016 in Las Vegas, Nevada on 3rd and 4th August. To learn more, visit Synopsys at booth #960 in the Black Hat Business Hall.

Seeker and the other tools in Synopsys' Software Integrity Platform are used to facilitate 'software signoff', an integrated development and testing methodology that aims to ensure software quality and security. Pioneered by Synopsys to emulate the signoff concept used in Integrated Circuit (IC) design, software signoff involves a series of automated testing cycles at critical points throughout the software development lifecycle and software supply chain.

About the Synopsys Software Integrity Platform
Through its Software Integrity Platform, Synopsys provides advanced solutions for improving the quality and security of software. This comprehensive platform of automated analysis and testing technologies integrates seamlessly into the software development process and enables organisations to detect and remediate quality defects, security vulnerabilities and compliance issues early in the software development lifecycle, as well as to gain security assurance with and visibility into their software supply chain.

© Copyright 2024 Electronic Specifier