Security Reviewer Suite is composed of:

...

They can be installed in several Host types, even Virtualized, as well as inside Containers.

Each of the Container Images has a Dockerfile, available on our GitHub space, with access reserved to existing customers.

Our products will be fully integrated in your DevOps environment, with support for the most used CI/CD Platforms, SCM, and ITSM solutions.

In our Multi-Tenant architecture, multiple instances of one of our products can operate in a shared environment. This architecture works because each tenant is integrated physically, but logically separated, meaning that a single instance of the software will run on one server and then serve multiple tenants. In this way, one of our products in a multi-tenant architecture can share a dedicated instance of configurations, data, user management and other properties.

...

Static Reviewer - Code Inspection is our SAST (Static Application Security Testing) product. Static Reviewer is not just another SAST tool. We provide a low-cost, accurate and super-fast tool, 52x Faster than average AppSec tools, based on the most modern technologies (Machine Learning, new AI algorithms, our Blockchain), easily integrated into your DevOps, covering all vulnerability detection provided by our competitors (like Micro Focus Fortify™, CheckMarx™, HCL AppScan™, Veracode™, Kiuwan™, Corvallis Julia, Coverity™, SonarQube, etc.), and adding a further 100+ detection rules for each of 40+ supported programming languages.

Beyond the SAST product, the Quality Reviewer module calculates 100+ Software Quality Metrics (McCabe, Mood, CK, Halstead, Cognitive Metrics, Composite Metrics, etc.). It is made of three modules: Software Quality Metrics, SQALE, Software Resilience Analysis (SRA) and Effort Estimation.

Quality Reviewer's Effort Estimation module measures and estimates the Time, Cost, Flow Complexity, Size and Maintainability of software projects as well as Development Team Productivity, starting from source code. A fully configurable CISQ© Automated Function Points (AFP) feature is provided, as well as a modern software sizing algorithm called Average Programmer Profile Weights (APPW © 2009 by Logical Solutions), a successor to solid ancestor scientific methods such as COCOMO, REVIC, COSMIC-FFP and Backfired Function Points, which are also provided. Applying Motorola© six-Sigma methodology, QSM and Capers Jones (SRM) algorithms, Quality Reviewer, beyond providing traditional software sizing tools, produces more accurate results while being faster and simpler. By using the Effort Estimation plug-in, a project manager can get insight into a software development project within minutes, saving hours of browsing through the code.

Software Composition Analysis

Software Composition Analysis (SCA) identifies project dependencies on third-party components directly inside your preferred CI platform, via Plugin, CLI Interface or REST API. Security Reviewer – Software Composition Analysis can identify Java, C/C++, Ruby, Groovy, Perl, PHP, JavaScript, TypeScript, Python, Scala, GO, Rust, R, Kotlin, Clojure, ErLang, Shell, PowerShell, LUA and Auto-IT components along with .NET assemblies and Objective-C, SWIFT support. Once identified, SCA will automatically determine if those components have known, publicly disclosed vulnerabilities as well as license-related issues.

Software Resilience Analysis

Software Resilience Analysis (SRA Reviewer) indicates CISQ, MITRE and CERT programming best practices that make software bullet-proof, more robust and secure. This Resilience index is derived through technology-specific code analysis that searches for the presence of code patterns and bad programming practices that may compromise the reliability of the software in the short term. The higher the Software Resiliency, the lower the likelihood of defects occurring in production and the better the software will react to incidents.

Dynamic Reviewer

Dynamic Reviewer provides an easy-to-use, fully-integrated Dynamic Analysis tool. It is composed of three components: APM (Application Performance Management agent), IAST (Interactive Application Security Testing agent), and DAST (Lightweight PenTest tool). You can inspect your application while it is running, directly from Security Reviewer, Eclipse and Visual Studio Plugins. Its special lightweight PenTest features allow you to explore vulnerabilities in your Web Applications while keeping the software securely in your own hands, at your premises.

Mobile Reviewer

Mobile Reviewer is built on the software-as-a-service (SaaS) model, enabling enterprises to get on-demand security assessments of their Mobile Apps. It is able to scan both Android (Android C++ SDK, Java, Kotlin) and iOS apps (Objective-C, Objective-C++ and Swift), as well as legacy Windows Mobile apps.

Team Reviewer

Team Reviewer helps solve almost every problem related to Vulnerability Management and Tracking as well as GDPR Compliance issues. It is able to run 3rd party SAST, IAST and DAST products, and to import results from a large number of tools.

It is the default Dashboard. It can collect all results from the entire Security Reviewer Suite.

...

Firmware Reviewer

Firmware Reviewer analyzes packed Firmware image files, Firmware archives as well as ROS containers, providing the following Compliance Reports: OWASP Top 10 IoT 2018, ENISA-Baseline Security Recommendations for IoT, NIST Security Feature Recommendations for IoT Devices, DCMS GOV.UK - Code of Practice for consumer IoT security, ETSI TS 103 645 V1.1.1 - Cyber Security for Consumer Internet of Things, BITAG - Broadband Internet Technical Advisory Group, SB-327 Information privacy: connected devices, CVE, CWE and CVSS.

...

Because we specifically design our products to work together, on the same platform, there are several advantages for the user including no double data entry, more cross-application features and faster processing speeds.

Security Reviewer does not rely on third-party vendors (except for some open source libraries); all our software is made by us, and is fully-integrated.

COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.