Seeker®, our interactive application security testing (IAST) solution, gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into DevOps CI/CD workflows enables continuous application security testing and verification.
Seeker applies code instrumentation techniques (agents) inside running applications and can scale to address large enterprise security requirements. It provides accurate results out of the box and doesn’t require extensive, lengthy configuration. With Seeker, your developers don’t have to be security experts, because Seeker provides detailed vulnerability descriptions, actionable remediation advice, and stack trace information, and it identifies vulnerable lines of code.
Seeker continuously monitors any type of testing applied to web apps and seamlessly integrates with automated CI build servers and test tools. Seeker leverages these tests (e.g., manual QA of login pages or automated functional tests) to automatically generate multiple security tests.
Seeker also includes Black Duck® Binary Analysis, our software composition analysis (SCA) solution, which identifies third-party and open-source components, known vulnerabilities, license types, and other potential risk issues. Seeker and Black Duck analysis results are presented in a unified view and can be sent automatically to bug-tracking and collaboration systems of choice, so developers can triage them as part of their normal workflow.
Seeker is ideal for microservices-based app development as it can bind together multiple microservices from a single app for assessment.
Seeker analyzes the flow of data between microservices to analyze the system as a whole, not just as a set of unrelated applications. Data flows are tracked over HTTP(S), gRPC, shared databases, and more.
For more information please contact AlJammaz Technologies or download the datasheet:
interactive-application-security-testing-datasheet.pdf |