ShiftLeft, Inc., a leader in application security, has released a tool enabling businesses to independently benchmark and validate the accuracy of ShiftLeft CORE using the Open Web Application Security Project (OWASP) Benchmark Project, a Java test suite designed to evaluate the accuracy of vulnerability detection tools.
The OWASP Benchmark test suite is a sample application made up of thousands of actual instances and false positives of vulnerabilities spanning11 categories. Evaluating a tool against the OWASP Benchmark provides a window into that tool’s ability to find vulnerabilities while reducing false-positives.
With a true-positive rate of 100% and a false-positive rate of 25%, ShiftLeft CORE is the best-in-class static application security testing (SAST) tool when it comes to OWASP Benchmark score. To help businesses easily verify these findings, ShiftLeft has built in the OWASP Benchmark as a demo app on its platform, enabling cybersecurity decision-makers to run it in just a few clicks.
“Organizations are overwhelmed with options when evaluating new cybersecurity tools. Even once you’re past initial feature comparisons, it’s time-consuming to build a proper test environment and can be difficult to replicate scores claimed by vendors,” said Alok Shukla, Vice President of Product Management, ShiftLeft. “We truly believe in ShiftLeft CORE’s ability to outperform the competition. That’s why we’re presenting organizations with a way to easily benchmark ShiftLeft independently.”
The ShiftLeft CORE platform is built around ShiftLeft’s NextGen Static Analysis (NG SAST), a modern code analysis solution designed to support developer workflows. Powered by ShiftLeft’s unique Code Property Graph (CPG) engine, ShiftLeft CORE combines many representations of source code into a single, queryable graph database to understand the full flow of information across an application or service. This adds valuable context that accurately reduces false positives while prioritizing vulnerabilities based on reachability.
For more information on ShiftLeft CORE, visit https://www.shiftleft.io/.
ShiftLeft builds security software with a developers-first approach. Through industry-leading speed and accuracy, ShiftLeft maximizes developer productivity and efficiency by providing near-instantaneous security feedback on software code during every pull request. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate. The platform is purpose-built to insert security directly into the modern software development lifecycle so developers receive the right vulnerability information at the right time.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.