ShiftLeft for .Net
Today we’re announcing the general availability of our continuous application security service for the .Net Framework (.Net). .Net developers can now leverage the highest ever benchmarked source code analysis [1] to automatically create custom security profiles that protect their applications in runtime.
As enterprises modernize their software development practices (agile methods, cloud infrastructure, open source libraries, DevOps automation, microservice architectures, etc.), their efficiency gains in feature release velocity strain traditional security practices, which have remained largely manual.
The most prevalent vulnerability for .Net applications is information leakage, such as inadvertently pushing critical data to external logs, code repositories or databases. Unlike traditional external approaches to identifying data leakage, which rely on highly inaccurate pattern-matching, ShiftLeft maps data flows from the inside the application. ShiftLeft identifies which objects and variables are critical and plots their path across sources, transforms and sinks whether they be micoservices, open source libraries, commercial SDKs or 3rd party APIs.
“With Europe’s GDPR, and states like California adopting similar privacy laws, data protection is no longer just finance and healthcare’s problem. The types and volume of data that must be treated as critical is skyrocketing for all industries,” said Chetan Conikee, ShiftLeft CTO and Co-Founder. “Now ShiftLeft enables .Net developers to automatically determine whether or not new release inadvertently leaking data, such as logging device tokens in Splunk or unencrypted credit card numbers in S3.”
As .Net Core and Azure have embraced open source, the adoption of open source libraries in .Net applications is growing rapidly. Despite their efficiencies, open source libraries introduce new security challenges. The most difficult of which are contextual vulnerabilities, that stem not from the library itself, but how it interacts with the rest of the application. However, ShiftLeft’s Code Property Graph understands what an application is and is not supposed to do. Hence, contextual vulnerabilities represent deviations that are easily identified.
“Until now, .Net security teams have been faced with a terrible choice: slow down the driver of innovation or release insecure code,” said Manish Gupta, ShiftLeft CEO and Co-Founder. “In less than 10 minutes, our Code Property Graph can identify how an application is vulnerable during the build process and then block exploit attempts when release to production. This means even the most advanced CI/CD environments can release as fast as they want to without ever worrying about security slowing them down.”
To see how ShiftLeft can improve security of your .Net applications, please request a free trial today!
ShiftLeft for .Net was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.
*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Andrew Fife. Read the original post at: https://blog.shiftleft.io/shiftleft-for-net-d0050d4b58f4?source=rss----86a4f941c7da---4
