ShiftLeft, Inc., an innovator in automated application security testing, today announced that its Intelligent-SCA product has added scanning and attackability analysis for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE platform. JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals seeking to exploit vulnerabilities in open source code and the software supply chain.
Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Because JavaScript is a dynamic language and something of a “Swiss Army Knife” working on both the front-end and the server side, developers often move quickly to write quick fixes or hacks that create longer term vulnerabilities. Equally challenging, open source Javascript libraries frequently contain vulnerabilities that create unknown risk for the application. When the introduced risks are serious, it can require months of remediation work to identify and address all the risk ramifications.
By adding JavaScript coverage, ShiftLeft dramatically expanded the ability of Application Security (AppSec) teams to shift security left by providing detailed and accurate guidance to development teams on which vulnerabilities in web applications and JavaScript-driven frameworks can be proven to result in damaging attacks. “With the addition of JavaScript coverage, ShiftLeft is one of the most comprehensive solutions in the marketplace and allows us to test all our web application code before we ever go into production,” says Adam Fletcher, Chief Security Officer at Blackstone. “This means we see security flaws sooner and can focus our efforts on the most attackable vulnerabilities, letting us safely ship code faster.” With the new product capabilities, ShiftLeft offers the following benefits:
- The only software composition analysis solution (SCA) that accurately prioritizes JS/TS open source vulnerabilities by attackability with pre-production scans
- The only SAST solution that accurately identifies attackable JS/TS vulnerabilities in first-party code with pre-production scans
“By adding JavaScript coverage, ShiftLeft can dramatically expand the percentage of application code covered with attackability insights,” says Alok Shukla, VP Products, ShiftLeft. “As the most popular language playing a critical role in the global web and application infrastructure, JavaScript security will become even more important as the pace and severity of attacks on applications and the open source supply chain – much of which is written in JavaScript — increase over the course of 2022.”
The addition of JS/TS coverage further cements ShiftLeft as the most comprehensive and authoritative provider of Application Security testing and and attackability analysis on the market today. Application security teams and developers using ShiftLeft are able to close more security gaps at a faster pace and spend more time focusing on the issues that matter thanks to the unique ability of ShiftLeft to spotlight attackable vulnerabilities and clearly identify low-risk theoretical vulnerabilities.
About ShiftLeft
ShiftLeft enables software developers and application security teams to radically reduce the attackability of their applications by providing near-instantaneous security feedback on software code during every pull request. By analyzing application context and data flows in near real-time with industry-leading accuracy, ShiftLeft empowers developers and AppSec teams to find and fix the most serious vulnerabilities faster. Using its unique graph database that combines code attributes and analyzes actual attack paths based on real application architecture, ShiftLeft’s platform scans for attack context and pathways typical of modern applications, across APIs, OSS, internal microservices, and first-party business logic code, and then provides detailed guidance on risk remediation within existing development workflows and tooling. ShiftLeft CORE, a unified code security platform, combines the company’s flagship NextGen Static Analysis (NG SAST), Intelligent Software Composition Analysis (SCA), and contextual security training through ShiftLeft Educate to provide developers and application security teams the fastest, most accurate, most relevant, and easiest to use automated application security and code analysis platform.
Backed by Bain Capital Ventures, Mayfield, Thomvest Ventures, and SineWave Ventures, ShiftLeft is based in Santa Clara, CA. To learn how ShiftLeft keeps AppSec in sync with the rapid pace of DevOps, see https://www.shiftleft.io/
