...
The CWE compatibility module identifies code carrying those security weaknesses, and Security Reviewer prioritizes these CWE 4.4 6 violations.
This makes it easy for you to fix the most critical errors first, and by using Security Reviewer you will improve overall code security.
...
Static Reviewer provides PCI-DSS 3.2.1 and 2.0 (for compatibility) reporting for all financial applications it analyzes. Static Reviewer covers the following PCI-DSS requirements:

| PCI DSS requirement | Description |
| --- | --- |
| 6.1 | Establish a process to identify security vulnerabilities, using reputable outside sources for security vulnerability information, and assign a risk ranking (for example, as "high," "medium," or "low") to newly discovered security vulnerabilities. |
| 6.2 | Ensure that all system components and software are protected from known vulnerabilities by installing applicable vendor-supplied security patches. Install critical security patches within one month of release. |
| 6.3 | Develop internal and external software applications (including web-based administrative access to applications) securely, as follows: |
| 6.4.3 | Production data (live PANs) are not used for testing or development. |
| 6.4.4 | Removal of test data and accounts from system components before the system becomes active / goes into production. |
| 6.4.5.3 | Functionality testing to verify that the change does not adversely impact the security of the system. |
| 6.5 | Address common coding vulnerabilities in software-development processes as follows: |
| 6.5.1 | Injection flaws, particularly SQL injection. Also consider OS command injection, LDAP and XPath injection flaws as well as other injection flaws. |
| 6.5.2 | Buffer overflows |
| 6.5.3 | Insecure cryptographic storage |
| 6.5.4 | Insecure communications |
| 6.5.5 | Improper error handling |
| 6.5.6 | All "high risk" vulnerabilities identified in the vulnerability identification process (as defined in PCI DSS Requirement 6.1). |
| 6.5.7 | Cross-site scripting (XSS) |
| 6.5.8 | Improper access control (such as insecure direct object references, failure to restrict URL access, directory traversal, and failure to restrict user access to functions). |
| 6.5.9 | Cross-site request forgery (CSRF) |
| 6.5.10 | Broken authentication and session management. |
| 6.6 | For public-facing web applications, address new threats and vulnerabilities on an ongoing basis and ensure these applications are protected against known attacks by either of the following methods: |
PCI-DSS 4.0 is coming in late 2020. We are ready to implement the new requirements as soon as the standard becomes available, at no additional cost to customers.
...
Security Reviewer supports the most common SAP vulnerabilities as catalogued by SAP BIZEC: TEC/11, APP/11 and HANA/11.
...
Security Reviewer provides classification and reporting for the OWASP Top Ten 2021, 2017, 2013 and 2010, as well as for the OWASP Mobile Top Ten 2016 and 2014. Further, Security Reviewer supports OWASP Security API 2019.
...
Security Reviewer leads the OWASP Benchmark results.
COPYRIGHT (C) 2014-2021 2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.