ShiftLeft Extends Attackability Detection Coverage to JavaScript and TypeScript


The new version adds the most popular programming language to the analysis arsenal of users of NG-SAST and I-SCA, strengthening ‘shift left’ security practices by analyzing full attack data paths and by prioritizing “attackable” vulnerabilities.

ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Intelligent-SCA product has added parsing and attack analysis for JavaScript (JS) and the TypeScript language (TS) to the ShiftLeft CORE platform. JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals looking to exploit vulnerabilities in open source code and the software supply chain.

Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Since JavaScript is a dynamic language and a sort of “Swiss Army Knife” that works on both the front-end and the server-side, developers often move quickly to write quick fixes or hacks that create vulnerabilities longer term. Equally difficult, open source JavaScript libraries frequently contain vulnerabilities that create an unknown risk to the application. When the risks introduced are severe, months of remediation work may be required to identify and address all ramifications of the risks.

By adding JavaScript coverage, ShiftLeft has dramatically expanded the ability of Application Security Teams (AppSec) to shift security to the left by providing detailed and specific guidance to development teams on vulnerabilities in web applications and JavaScript frameworks that can lead to damaging attacks. “With the addition of JavaScript coverage, ShiftLeft is one of the most comprehensive solutions on the market and allows us to test all of our web application code before going into production,” said Adam Fletcher, director of security at Blackstone. “This means we detect security vulnerabilities earlier and can focus our efforts on the most attackable vulnerabilities, which allows us to ship code safely faster.”

With the new product features, ShiftLeft offers the following benefits:

  • The only Software Composition Analysis (SCA) solution that accurately prioritizes open source JS / TS vulnerabilities by attackability with pre-production scans

  • The only SAST solution that accurately identifies attackable JS / TS vulnerabilities in proprietary code with pre-production scans

“By adding JavaScript coverage, ShiftLeft can dramatically increase the percentage of application code covered by attack information,” says Alok Shukla, vice president of products, ShiftLeft. As the most popular language playing a vital role in the global web and application infrastructure, the security of JavaScript will become even more important as the pace and severity of attacks on applications and the open source supply chain, much of which is written in JavaScript, increase in the year 2022.

The addition of JS / TS coverage further consolidates ShiftLeft as the most comprehensive and authoritative provider of application security testing and attack analysis in the market today. Application security teams and developers using ShiftLeft are able to close more security holes at a faster rate and spend more time focusing on important issues with ShiftLeft’s unique ability to highlight attackable vulnerabilities and to clearly identify theoretical low-risk vulnerabilities.

About ShiftLeft

ShiftLeft enables software developers and application security teams to drastically reduce the attackability of their applications by providing near-instantaneous security feedback on software code with every pull request. By analyzing application context and near real-time data flows with unmatched precision, ShiftLeft enables developers and AppSec teams to find and remediate the most serious vulnerabilities faster. Using its unique graphical database that combines code attributes and analyzes actual attack paths based on actual application architecture, ShiftLeft’s platform searches for context and attack paths typical of modern applications, through APIs, OSS, internal microservices, and first-party business logic code, and then provides detailed advice on remedying risks in existing development tools and workflows. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA) and contextual security training through ShiftLeft Educate to provide developers and application security teams with the fastest, most accurate, and most relevant and easy-to-use automated application security and code analysis platform solutions.

Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures and SineWave Ventures, ShiftLeft is based in Santa Clara, California. To learn how ShiftLeft keeps AppSec in sync with the fast pace of DevOps, see

