Secure Code Assessment

PORTALiNCUBATOR’s Secure Code Assessment provides a solution to rapidly scan critical applications that are vulnerable to attack and exploitation. The Secure Code Assessment will provide you with the information you need to understand the risk posed by your applications, address that risk, and assist with remediation efforts.

The Secure Code Assessment will focus your security investments on the areas of greatest criticality while identifying source code vulnerabilities and correcting those vulnerabilities.

PORTALiNCUBATOR’s Secure Code Assessment is the fastest solution for rapid risk reduction of source code security flaws and can be delivered either onsite or through a secure ASP.

Safer Software

PORTALiNCUBATOR provides automated source code security test and measurement solutions that enable your company to immediately reduce its risk from software vulnerabilities and the costs associated with malicious breach of its applications. Reducing the high cost of software security testing, PORTALiNCUBATOR helps customers identify and remediate vulnerabilities via an automated security test and measurement service. PORTALiNCUBATOR’s Secure Code Assessment provides for the creation of a safer software application through the continuous automated assessment of software.

One division of a global money center bank can generate 100 million lines of code a year. Unintentional errors aside, security engineers are simply overwhelmed by the volume of code that needs to be checked.

All software ships with some bugs. However, to generate safer code, companies must strike a balance between risk, speed, quality and cost in order to determine whether and what code to test for security problems. Since the vulnerability field and the volume of code to check are large, the cost to check vulnerabilities by hand/eye is high, and the window of opportunity for software assessment is short, companies simply cannot test all their code for security problems. The result is that businesses are forced to deploy applications that are vulnerable to exploitation.

Challenge of Creating Safer Software

Conventional software development processes do not incorporate steps that specifically test code for security weaknesses. The National Institute of Standards and Technology estimates that nearly 90% of all software developed each year for use in the United States is never screened for potential security flaws.

Three significant barriers stand in the way of better software source code security testing.

Code Can Contain Many Types of Security Problems:

Testing software is difficult. Testing software for security issues is an even tougher challenge. This is because the range of security vulnerabilities that must be checked for is broad, complex and constantly changing. Testing for security issues involves multiple processes. From defining what is a true vulnerability, keeping current with the discovery of new vulnerabilities, and understanding what the trigger instance of the vulnerability looks like and how it can be invoked, to simply capturing, codifying and controlling institutional memory concerning security vulnerabilities, these are daunting tasks for any organization.

Cost Effective Secure Code:

Every software development organization today is tracked as a cost center with the constant goal of having more code created more cost effectively. Debugging and functional testing already chew up the majority of every software project budget. In addition, there is more code to examine. Over 450 billion lines of software are generated annually for U.S. organizations alone. Given the additional expense of checking all that code for security issues and the cost conscious nature of today’s IT organization, most companies conduct minimal, if any, security checks on code.

Speed and Time:

Today, checking code for security issues is largely manual. It requires highly trained security engineers, experienced in the language the application is written in, who can generally only sample code versus analyzing the entire application. Few people have the skill set to analyze the code for security flaws, and those that do find the work tedious, boring, and a poor use of their time. Examining source by hand is also slow and prone to error. The best security engineers claim a code scan rate of 4,000-5,000 lines a day.

The Secure Code Assessment is designed to eliminate security vulnerabilities at any stage of the development lifecycle, generate clear and consistent metrics that drive code quality assurance programs and dramatically reduce the cost of checking code for security anomalies. Through its innovative use of new technology, PORTALiNCUBATOR reduces the vulnerability detection workload on the software and security engineering teams. By automating a majority of the source code security checking function and relieving the software engineering teams of performing hand/eye security reviews, PORTALiNCUBATOR can enable more code to be checked more thoroughly at a lower overall cost. The end result is safer code.

Next Generation Security Analysis

PORTALiNCUBATOR utilizes a set of technology components that together rapidly scan critical applications that are vulnerable to attack and exploitation. PORTALiNCUBATOR’s Secure Code Assessment uses several different algorithms for vulnerability detection, converts the output of those algorithms into a common uniform language, references that data against a proprietary vulnerability rules and instances knowledge base, and then delivers security test and measurement capability through a platform that integrates seamlessly into any code development process. The output is a set of clear and consistent reports that can be used to improve code quality. By technically automating and optimizing each of the steps associated with algorithm-based testing into one integrated solution, PORTALiNCUBATOR can rapidly and efficiently reduce the security risk in code. The PORTALiNCUBATOR Secure Code Assessment utilizes a proprietary platform built on a unique architecture that combines multiple testing algorithms, intelligent analyzer lenses, a vulnerability classification taxonomy and a rules and instance knowledge base.

PORTALiNCUBATOR’s Secure Code Assessment utilizes a multi-algorithm capability that can detect risk quickly, examine large amounts of code cost effectively, and assess a wide vulnerability horizon, as well as deploy easily across heterogeneous development environments.

Languages Scanned:

C, C++, .NET (C#, VB, etc), Java, JSP

Development Platforms:

Windows, .NET, Linux, Solaris

Runtime Platforms:

Windows, Linux

PORTALiNCUBATOR can assist with remediation of any vulnerability identified in the source code.

PORTALiNCUBATOR
5490 McGinnis Village Place, Suite 203 Alpharetta, GA 30005
  
Reach Us @
Telephone: +1 770 715 4978
E-mail: spt@PORTALiNCUBATOR.com