
ShiftLeft Ocular Identifies Business Logic Flaws 10x Faster than Manual Code Reviews

By: Deborah Schalm on July 16, 2019

Support for New Programming Languages and Enhanced Regression Testing Delivers First-of-its-Kind Vulnerability Analysis Solution


Santa Clara, Calif. – July 16, 2019 – ShiftLeft Inc., an innovator in automated application security, today announced enhancements to its Ocular solution that empower organizations to discover business logic flaws during application development 10 times faster than manual code reviews.

Updates to Ocular include support for four new programming languages, C#, C, C++ and Scala, which improve development efforts with coverage for the top cloud, Internet of Things (IoT) and embedded applications. The updates also include blazing fast automated security regression testing in CI/CD, which ensures previously fixed business logic flaws are never reintroduced. Ocular can analyze two million lines of code in under eight minutes, which is 40 times faster than typical code analysis tools.

With Ocular, a Fortune 500 customer is able to find vulnerabilities 10 times faster than manual code reviews. In less than the time it took to typically find one vulnerability, the company quickly found eight zero-day vulnerabilities in its custom code and open source libraries, including an insecure direct object reference, which would allow attackers to manipulate direct object references by merely changing the predictable sequence in order to access other objects without authorization.

The pace and complexity of modern applications have grown beyond human scale. Even the best security reviewers cannot comprehend the logic of tens or hundreds of thousands of lines of code to find flaws. Yet, to date, the only way for organizations to detect business logic flaws in development is through manual code reviews, which are error prone and take weeks to complete. The result is that the majority of releases have little or no checking for business logic flaws, and the overwhelming majority of such flaws go unnoticed in development.

Unlike technical vulnerabilities — such as SQL injection, cross-site scripting and deserialization — business logic flaws often require little or no technical expertise to exploit. For example, in the recent First American Financial Corp. data breach, a control flow reachability business logic flaw was exploited by simply changing values in a URL.
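The insecure direct object reference described above, as an added illustration that is not ShiftLeft's code or part of the original release: a minimal invoice lookup keyed directly on a sequential id from the URL, beside two hardened forms (an ownership check on every access, and per-session random indirect references so there is no predictable sequence to walk). The users, invoices and request values are constructed in-memory stand-ins for a real application.

```python
# Added example (not ShiftLeft's code): the insecure direct object reference
# described above, in a minimal invoice lookup, beside two hardened forms.
# Users, invoices and the request are constructed in-memory stand-ins.
import secrets

# Constructed sample data: sequential invoice ids, each owned by one user.
INVOICES = {
    1001: {"owner": "alice", "amount": 120.00},
    1002: {"owner": "bob", "amount": 75.50},
    1003: {"owner": "alice", "amount": 300.00},
}

class Forbidden(Exception):
    """Raised when the caller may not access the requested object."""

def get_invoice_vulnerable(invoice_id: int) -> dict:
    """IDOR: the id taken from the URL is the lookup key and no ownership
    check is made, so any logged-in user who increments the predictable id
    reads other users' invoices."""
    return INVOICES[invoice_id]

def get_invoice_hardened(current_user: str, invoice_id: int) -> dict:
    """Fix 1: authorize every object access against the session user."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None or invoice["owner"] != current_user:
        # Same response for missing and foreign objects: no existence oracle.
        raise Forbidden(f"user {current_user} may not access invoice {invoice_id}")
    return invoice

class IndirectRefMap:
    """Fix 2: per-session indirect references. The client only ever sees
    random tokens, so there is no predictable sequence to enumerate."""

    def __init__(self, current_user: str):
        self.user = current_user
        # One fresh random token per object the user owns; nothing else is mapped.
        self._map = {secrets.token_urlsafe(16): inv_id
                     for inv_id, inv in INVOICES.items()
                     if inv["owner"] == current_user}

    def tokens(self) -> list:
        return list(self._map)

    def resolve(self, token: str) -> dict:
        inv_id = self._map.get(token)
        if inv_id is None:
            raise Forbidden(f"unknown reference for user {self.user}")
        # Defence in depth: still run the ownership check on the real id.
        return get_invoice_hardened(self.user, inv_id)
```

The vulnerable function is exactly the pattern a source-to-sink query looks for: a request-controlled identifier reaching a data-access sink with no authorization predicate on the path.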

Matias Blanco, manager of application security at Okta, said of Ocular: “Millions of daily users rely on the Okta Identity Cloud to access the technologies they need. For an agile software development team, every minute is valuable, and the time spent on in-depth code audits can be especially challenging. ShiftLeft Ocular promises to turn weeks into hours when it comes to code security reviews.”

Ocular is an interactive shell to query ShiftLeft’s Code Property Graph (CPG). The CPG is a graph of graphs that connects the functions of source code together into a fabric of information flows that can be traversed from source to sink. With Ocular, security researchers, code auditors and developers can iteratively interrogate the validity of business logic flows to identify flaws and demonstrate reachability. Ocular queries can then be automated as security policy checks and regression testing through CI/CD pipelines.

“Business logic flaws are inherently unique to each organization, which makes them incredibly difficult to identify and fix,” said Manish Gupta, CEO of ShiftLeft. “Through our updates to Ocular, we’re making it easier for developers and application security teams to automatically find flaws in their software not covered by traditional static application testing tools. However, we also know fixing vulnerabilities before they make it to production isn’t always possible for every release. Since we know exactly how applications are vulnerable, we can also automatically generate a custom security profile to protect applications in production and buy security and development teams more time to fix their vulnerabilities.”

To learn more about Ocular, visit the ShiftLeft website or sign up for a 14-day free trial here: https://go.shiftleft.io/ocular-free-trial.

About ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle. It combines next-generation static code analysis (to quickly and accurately identify vulnerabilities) with application instrumentation (to protect the application) in an automated workflow. This combination of runtime-informed code analysis and code-informed runtime protection delivers the most accurate, automated, and comprehensive application security solution. To learn how ShiftLeft keeps application security in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.

