ShiftLeft Ocular Identifies Business Logic Flaws 10x Faster than Manual Code Reviews

ShiftLeft Ocular Identifies Business Logic Flaws 10x Faster than Manual Code Reviews

Today we’re announcing enhancements to Ocular that empower organizations to discover business logic flaws during application development 10 times faster than manual code reviews.Updates to Ocular include support for four new programming languages, C#, C, C++ and Scala, which improve development efforts with coverage for the top cloud, Internet of ... Read More
ShiftLeft Raises $20 Million in Series B Funding

ShiftLeft Raises $20 Million in Series B Funding

Today we are thrilled to announce a new $20M round of Series B funding. Thomvest Ventures led the round and was joined by new investor SineWave Ventures. Our existing investors, Bain Capital Ventures and Mayfield Ventures, also participated in the Series B.This funding is about expansion. Having found initial product-market ... Read More
ShiftLeft for .Net

ShiftLeft for .Net

Today we’re announcing the general availability of our continuous application security service for the .Net Framework (.Net). .Net developers can now leverage the highest ever benchmarked source code analysis [1] to automatically create custom security profiles that protect their applications in runtime.As enterprises modernize their software development practices (agile methods, ... Read More
The Need for Real-World Runtime Protection Benchmarking

The Need for Real-World Runtime Protection Benchmarking

First-principles thinking is one of the best ways to reverse-engineer complicated problems and unleash creative possibility. Sometimes called “reasoning from first principles,” the idea is to break down complicated problems into basic elements and then reassemble them from the ground up. It’s one of the best ways to unlock creative ... Read More
Deserialization Vulnerability Confirmed in Nexmo 3.4.0 SDK

Deserialization Vulnerability Confirmed in Nexmo 3.4.0 SDK

Nexmo has confirmed that their 3.4.0 SDK contained the Jackson-databind vulnerability that we announced earlier this week as widespread amongst SaaS SDKs.The deserialization vulnerability can be escalated into remote control execution (RCE) by triggering a gadget chain of either certain versions of Java or Spring. This makes the vulnerability particularly ... Read More
ShiftLeft Wins 2018 Gartner Cool Vendor for DevOps

ShiftLeft Wins 2018 Gartner Cool Vendor for DevOps

Gartner recently recognized ShiftLeft as a 2018 Cool Vendor in DevOps for our continuous application security service. The Cool Vendor designation is awarded to new companies that are “innovative, impactful and intriguing.”We’re hosting a webinar tomorrow to introduce ShiftLeft and explain why we are cool:https://go.shiftleft.io/gartner-cool-vendors-for-devopsWhile DevOps has led to incredible ... Read More
OffensiveCon 2018: Building a Zero-Day Machine

OffensiveCon 2018: Building a Zero-Day Machine

Fabian Yamaguchi, Niko Schmidt & Marco Bartoli of ShiftLeft recently presented on our efforts to build a zero-day vulnerability machine at OffensiveCon. You can watch their presentation below.FIELD REPORT ON A ZERO-DAY MACHINEMake no mistake, security is about finding and exploiting vulnerabilities, not the ones everyone already knows about. The ... Read More
Your App is Leaking Data, Its Just a Question of How Badly

Your App is Leaking Data, Its Just a Question of How Badly

If data leakage isn’t the fastest growing problem in AppSec, I don’t know what is. In our experience, 100% of customer environments are leaking data. The adoption of microservices, combined with increasingly shorter development cycles, means that understanding how critical data flows into, within, and out of an application is ... Read More
7 Questions to Ask About Your DevSecOps Program

7 Questions to Ask About Your DevSecOps Program

If you’ve implemented, or are implementing, a DevSecOps program, we’ve come up with several questions to consider below. By posing these questions, we hope to help spur new ideas and help identify areas for improvement. We’re also hosting a webinar on implementing DevSecOps next Wednesday (3/21/18).Is My Application (or Microservice) ... Read More
What the Next Era of Cloud Computing Means for AppSec & the SDLC

What the Next Era of Cloud Computing Means for AppSec & the SDLC

Since the 1990s there have been three logical phases of cloud adoption, from pioneering to mass adoption and managing. Effectively, the success of each phase led to the next phase, and we are in the management phase today. However, it’s the problems that managing phase solutions haven’t been able to ... Read More