ShiftLeft Inc., an innovator in automated application security, today announced its Ocular solution has been recognized in the 2019 Cybersecurity Breakthrough Awards as Data Leak Detection Solution of the Year. ShiftLeft Ocular is a custom code analysis solution that enables security auditors to query a graphical representation of their source code for vulnerabilities unique to their environments, such as data leakage, business logic flaws and insider threats (e.g. rootkits and backdoors), which can’t be found via legacy code analysis tools’ pattern matching techniques.
Organizations are developing and releasing software faster than ever before. Furthermore, the complexities of applications and the paths of data are increasing – services are being broken down into ever smaller microservices, open source libraries and commercial SDKs are being leveraged for efficiency, and data paths regularly include APIs that send data externally to third parties. The job of securing data is getting harder, while security auditors have even less time to find leaks in development. As a result, mistakes, such as Twitter inadvertently logging 330 million users’ passwords in an unencrypted format, are becoming the source of near daily headlines.
“Data has always been the lifeblood of applications. With GDPR going into effect last year, and the compliance deadline for the California Consumer Privacy Act just 90 days away, identifying critical leakage is imperative,” said Manish Gupta, CEO of ShiftLeft. “For the first time, ShiftLeft customers can automatically identify critical data variables and definitively map end-to-end data flows in development. ShiftLeft is proud that the Cybersecurity Breakthrough Awards have recognized the importance of identifying data leakage in development before the leaks reach production, and honored to have won their Data Leak Detection Solution of the Year.”
As an interactive shell to query ShiftLeft’s Code Property Graph, Ocular starts where traditional code analysis tools end. Historically, code analysis tools have relied on patterns common to certain types of technical vulnerabilities (e.g. injection, cross-site scripting, etc.) to test each customer’s unique custom code base. However, the paths of data in each application are unique, so pattern matching is ineffective. Furthermore, routes of data routinely cross back and forth across custom code and third party dependencies, which traditional code analysis tools cannot follow.
Ocular automatically identifies sensitive data variables (PII, PHI, etc.) and then enables security auditors to traverse all routes in the graph, from ultimate source to ultimate sink, across microservices irrespective of whether the route includes custom code, open source libraries, or SDKs and APIs to ensure critical data is handled properly in development, before leaks are pushed live into production.
The Cybersecurity Breakthrough Awards performs one of the deepest evaluations of the information security industry to recognize “breakthrough” cybersecurity solutions and companies. This year’s program brought in more than 3,500 nominations worldwide.
ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle. It combines nextgen static code analysis (to quickly and accurately identify vulnerabilities) with application instrumentation (to protect the application) in an automated workflow. This combination of runtime-informed code analysis and code-informed runtime protection delivers the most accurate, automated, and comprehensive application security solution. To learn how ShiftLeft keeps application security in sync with the rapid pace of DevOps, see https://www.shiftleft.io/.