Team Reviewer provides vulnerability discovery, management and tracking by continuously identifying threats, monitoring changes in your network, discovering and mapping all your devices and software (including new, unauthorized and forgotten ones), and reviewing configuration details for each asset.

...

On the left-hand side the ASVS score is displayed together with the desired score, the percentage of benchmarks passed to achieve that score and the total number of enabled benchmarks for that ASVS level.

Reports

Static Server Plugin

With the Static Server Plugin, Team Reviewer reports can be generated in Word, Excel, XML, HTML, AsciiDoc and PDF.

...

Reports can be generated for:

  1. Groups of Products

  2. Individual Products

  3. Endpoints

  4. Product Types

  5. Custom Reports

...

Filtering is available on all Report Generation views to aid in focusing the report for the appropriate need.

Custom reports allow you to select specific components to be added to the report. These include:

  1. Cover Page

  2. Table of Contents

  3. WYSIWYG Content

  4. Findings List

  5. Endpoint List

  6. Page Breaks

The custom report workflow takes advantage of the same asynchronous process described above.

Notifications

Team Reviewer can inform you of different events in a variety of ways. You can be notified about things like an upcoming engagement, when someone mentions you in a comment, a scheduled report has finished generating, and more.

The following notification methods currently exist:

  • Email

  • Slack

  • HipChat

  • WebHook

  • Alerts within Team Reviewer

...

You can set these notifications on a system scope (if you have administrator rights) or on a personal scope. For instance, an administrator might want notifications of all upcoming engagements sent to a certain Slack channel, whereas an individual user wants email notifications to be sent to the user’s specified email address when a report has finished generating.

To identify and notify you about events such as upcoming engagements, Team Reviewer runs scheduled tasks.

Attached Documents

Products, Engagements and Tests allow you to attach one or more documents, such as requirements documents, project documents, evidence, certifications, risk acceptances and any other related documents you need.

Accepted file formats are PDF, Word, Excel and image files.

Security Reviewer’s Security, Deadcode-Best Practices, Resilience and SQALE reports are uploaded to Team Reviewer as Engagement attached documents through the REST API.

Results Correlation

Team Reviewer can import and correlate results from the following tools:

  • Static Reviewer, Security Reviewer Software Composition Analysis (SCA), Security Reviewer Software Resilience Analysis (SRA), Mobile Reviewer and Dynamic Reviewer XML or CSV

  • HCL AppScan Source Edition and Standard Edition detailed XML Report

  • Micro Focus Fortify SCA and WebInspect FPR

  • CA Veracode Detailed XML Report

  • Checkmarx Detailed XML Report

  • Rapid7 AppSpider Vulnerabilities Summary XML Report and Nexpose XML 2.0

  • Acunetix

  • Anchore

  • Aqua

  • Arachni Scanner JSON Report

  • AWS Prowler and Scout2

  • Bandit

  • Synopsys Black Duck

  • Brakeman

  • BugCrowd

  • Contrast

  • ESLint

  • GitLab SAST

  • Gitleaks

  • GOast

  • gosec

  • Hadolint

  • HuskyCI

  • ImmuniWeb

  • JFrog Xray

  • Kiuwan

  • Burp Suite XML

  • Nessus (CSV, XML)

  • NetSparker

  • Nexpose

  • npm audit

  • OpenSCAP

  • OpenVAS

  • PHP Symfony Security Check

  • Nmap (XML), SQLMap, NoSQLMap (text output)

  • OWASP ZAP XML and Dependency Check XML

  • Retire.js JavaScript Scan JSON

  • Node Security Platform JSON

  • Qualys XML

  • SonarQube

  • Sonatype Nexus

  • SourceClear

  • SSLScan

  • SSLyze

  • Snyk JSON

  • Trivy

  • Trustwave

  • PyJFuzz

  • WhiteSource

  • WPScan

  • Generic Findings in CSV format
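The last entry, Generic Findings in CSV format, is the practical route for any scanner that has no dedicated parser in the list above. As an added example (not code from this page or from Team Reviewer itself), the script below converts the output of a hypothetical in-house scanner (constructed sample data, not real tool output) into that CSV layout. The column names and the TRUE/FALSE flags are assumed from the DefectDojo Generic Findings Import format that Team Reviewer is built on; verify them against the importer on your instance before relying on the output.

```python
import csv
import io
import json
from datetime import date
from typing import Dict, List

# Constructed sample output from a hypothetical in-house scanner (not real
# tool output) that Team Reviewer has no dedicated parser for.
SAMPLE_SCANNER_JSON = json.dumps({
    "scanned_at": "2022-03-14",
    "results": [
        {"id": "R1", "name": "Reflected XSS in search parameter",
         "level": "high", "cwe": 79, "location": "https://app.example.test/search?q=",
         "detail": "User input is echoed unescaped into HTML.",
         "fix": "HTML-encode output; use a templating engine with auto-escaping."},
        {"id": "R2", "name": "Directory listing enabled",
         "level": "low", "cwe": 548, "location": "https://app.example.test/static/",
         "detail": "Web server returns an index of the directory.",
         "fix": "Disable autoindex."},
        {"id": "R3", "name": "Informational: server banner",
         "level": "note", "cwe": None, "location": "https://app.example.test/",
         "detail": "Server header reveals the product version.", "fix": ""},
    ],
})

# Column names assumed from the DefectDojo "Generic Findings Import" CSV
# layout; check the actual importer's expected header on your instance.
GENERIC_COLUMNS = ["Date", "Title", "CweId", "Url", "Severity", "Description",
                   "Mitigation", "Impact", "References", "Active", "Verified",
                   "FalsePositive", "Duplicate"]

# Map the scanner's own levels onto the five severities the importer accepts.
SEVERITY_MAP = {"critical": "Critical", "high": "High", "medium": "Medium",
                "low": "Low", "note": "Info", "info": "Info"}


def to_generic_findings(scanner_json: str) -> List[Dict[str, object]]:
    """Translate the scanner JSON into one Generic Findings row per result.

    Unknown severity levels raise instead of being silently dropped, so a
    scanner that changes its vocabulary cannot make findings disappear.
    """
    data = json.loads(scanner_json)
    scan_date = data.get("scanned_at") or date.today().isoformat()
    rows = []
    for r in data["results"]:
        level = str(r.get("level", "")).lower()
        if level not in SEVERITY_MAP:
            raise ValueError(f"result {r.get('id')}: unknown severity {level!r}")
        rows.append({
            "Date": scan_date,
            "Title": r["name"],
            "CweId": r["cwe"] if r.get("cwe") is not None else "",
            "Url": r.get("location", ""),
            "Severity": SEVERITY_MAP[level],
            # Keep the scanner's own ID in the description so the finding can
            # be traced back to the original report after correlation.
            "Description": f"[{r['id']}] {r.get('detail', '')}",
            "Mitigation": r.get("fix", ""),
            "Impact": "",
            "References": "",
            "Active": "TRUE",
            "Verified": "FALSE",
            "FalsePositive": "FALSE",
            "Duplicate": "FALSE",
        })
    return rows


def write_generic_csv(rows: List[Dict[str, object]]) -> str:
    """Serialise rows as CSV text with the expected header; csv quotes as needed."""
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=GENERIC_COLUMNS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return buf.getvalue()


if __name__ == "__main__":
    print(write_generic_csv(to_generic_findings(SAMPLE_SCANNER_JSON)))
```

The resulting file is what you would upload as a "Generic Findings" scan; the csv module handles commas and quotes inside descriptions, which is where hand-rolled CSV writers usually break the importer.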

Team Reviewer can export correlated results to the following tools:

  • SonarQube

  • Micro Focus Fortify SSC

  • Kenna Security

  • ThreadFix

  • ServiceNow

See our EcoSystem.

Team Reviewer can access Firmware Reviewer (purchased separately) through Single Sign On, and can run Static Analysis over a source code folder and Software Composition Analysis directly from Team Reviewer.

You can do:

  • Static Analyses

  • Software Composition Analyses

  • Mark False Positives

  • Enable/Disable and change Severity of existing Vulnerability Detection Rules

  • Add Custom Rules

  • Declare Recurrent False Positives by Evidence

You start source code inspections by clicking Static Analysis in the main Dashboard:

...

The Static Analysis features are the same as in Static Reviewer Desktop, but centralized and accessible from any browser:

...

You can mark False Positives in bulk using the smart interface:

...

You can Enable/Disable and change Severity of existing Vulnerability Detection Rules (authorized users only):

...

You can create your Custom Rules (authorized users only):

...

You can declare Recurring False Positives by Evidence (authorized users only):

...

Stored and Custom Reports

Team Reviewer stores reports generated with:

  • Static Reviewer Desktop

  • Static Reviewer CI/CD plugins for Jenkins and GitLab

  • SCA Reviewer Desktop

  • SCA Reviewer CI/CD plugins for Jenkins and GitLab

  • Dynamic Reviewer

  • Mobile Reviewer

...

Further, you can create your own custom reports by using Team Reviewer Report Generator.

Team Reviewer custom reports can be generated in Word, Excel, XML, HTML and AsciiDoc. If you need a different format, open the Word report and choose Save As…

...

Reports can be generated for:

  1. Groups of Products

  2. Individual Products

  3. Endpoints

  4. Product Types

  5. Custom Reports

...

Filtering is available on all Report Generation views to aid in focusing the report for the appropriate need.

Custom reports allow you to select specific components to be added to the report. These include:

  1. Cover Page

  2. Table of Contents

  3. WYSIWYG Content

  4. Findings List

  5. Endpoint List

  6. Page Breaks

The custom report workflow takes advantage of the same asynchronous process described above

Notifications

Team Reviewer can inform you of different events in a variety of ways. You can be notified about things like an upcoming engagement, when someone mentions you in a comment, a scheduled report has finished generating, and more.

The following notification methods currently exist: - Email - Slack - HipChat - WebHook or Alerts within Team Reviewer

...

You can set these notifications on a system scope (if you have administrator rights) or on a personal scope. For instance, an administrator might want notifications of all upcoming engagements sent to a certain Slack channel, whereas an individual user wants email notifications to be sent to the user’s specified email address when a report has finished generating.

In order to identify and notify you about things like upcoming engagements, Team Reviewer runs scheduled tasks for this purpose. 

Attached Documents

Products, Engagements and Tests permit to attach one or more documents, like Requirements docs, Project Docs, Evidences, Certifications, Risk Acceptances and any correlated docs you need.

It accepts PDF, Word, Excel and Images file formats.

Security Reviewer’s Security, Deadcode-Best Practices, Resilience and SQALE reports are uploaded as Engagement’s Attached Documents to Team Reviewer using REST APIs.

Results Correlation

Team Reviewer can import and correlate results from the following tools:

  • Static Reviewer, Security Reviewer Software Composition Analysis (SCA), Security Reviewer Software Resilience Analysis (SRA), Mobile Reviewer and Dynamic Reviewer XML or CSV

  • HCL AppScan Source ed. and Standard ed. detailed XML Report

  • Micro Focus Fortify SCA and WebInspect FPR

  • CA Veracode Detailed XML Report

  • Checkmarx Detailed XML Report

  • Rapid7 AppSpider Vulnerabilities Summary XML Report and Nexpose XML 2.0

  • Acunetix

  • Anchore

  • AQUA

  • Arachni Scanner JSON Report

  • AWS Prowler and Scout2

  • Bandit

  • Synopsys BlackDuck

  • Brakeman

  • BugCrowd

  • Contrast

  • ESLint

  • GitLab SAST

  • GitLeaks

  • GOast

  • GOSec

  • HadoLink

  • HuskyCI

  • ImmuniWeb

  • JFrog XRay

  • Kiuwan

  • Burp Suite XML

  • Nessus (CSV, XML)

  • NetSparker

  • NExspose

  • NPMAudit

  • OpenSCAP

  • OpenVAS

  • PHP Symphony Security Check

  • Nmap (XML), SQLMap, NoSQLMap (text output)

  • OWASP ZAP XML and Dependency Check XML

  • Retire.js JavaScript Scan JSON

  • Node Security Platform JSON

  • Qualys XML

  • SonarQube

  • Sonatype Nexus

  • SourceClear

  • SSLScan

  • SSLlyze

  • Snyk JSON

  • Trivy

  • Trustwave

  • PyJFuzz

  • WhiteSource

  • WpScan

  • Generic Findings in CSV format

Team Reviewer can export correlated results to the following tools:

  • SonarQube

  • Micro Focus Fortify SSC

  • Kenna Security

  • ThreadFix

  • ServiceNow

See our EcoSystem.

Team Reviewer can access to Firmware Reviewer using Single Sign On.

Authentication via LDAP/AD

LDAP (Lightweight Directory Access Protocol) is an Internet protocol that web applications can use to look up information about users and groups on an LDAP server. You can connect Team Reviewer to an LDAP directory for authentication and for user and group management. This is useful if user groups are already stored in a corporate directory. Synchronization with LDAP automatically creates, updates and deletes users and groups in Team Reviewer according to changes made in the LDAP directory.

REST API

Team Reviewer is built on a thin-server architecture with an API-first design: APIs are at the heart of the platform. Every API is fully documented via Swagger 2.0.

...
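The REST API is how the Attached Documents section's report uploads and the Results Correlation section's scan imports are automated. As an added example (not code from this page or from Team Reviewer), the Python script below builds the two authenticated multipart requests with only the standard library. The endpoint paths (/api/v2/engagements/{id}/files/ and /api/v2/import-scan/), the field names and the "Authorization: Token" scheme are assumed from the DefectDojo v2 API that Team Reviewer is built on; the base URL and token are placeholders read from the environment. Confirm paths and parameters in the Swagger documentation of your instance before use.

```python
import json
import mimetypes
import os
import uuid
from typing import Dict, Optional, Tuple
from urllib.request import Request, urlopen

# Assumed configuration: placeholder base URL and token, overridable through
# the environment so the real token never ends up in a script or repository.
BASE_URL = os.environ.get("TEAM_REVIEWER_URL", "https://team-reviewer.example.test")
API_TOKEN = os.environ.get("TEAM_REVIEWER_TOKEN", "replace-with-your-api-token")


def encode_multipart(fields: Dict[str, str], file_field: str, filename: str,
                     content: bytes, boundary: Optional[str] = None) -> Tuple[bytes, str]:
    """Build a multipart/form-data body by hand and return (body, Content-Type)."""
    boundary = boundary or uuid.uuid4().hex
    ctype = mimetypes.guess_type(filename)[0] or "application/octet-stream"
    parts = []
    for name, value in fields.items():
        parts.append(
            f'--{boundary}\r\nContent-Disposition: form-data; name="{name}"\r\n\r\n{value}\r\n'.encode()
        )
    parts.append(
        f'--{boundary}\r\nContent-Disposition: form-data; name="{file_field}"; '
        f'filename="{filename}"\r\nContent-Type: {ctype}\r\n\r\n'.encode()
    )
    parts.append(content + b"\r\n")
    parts.append(f"--{boundary}--\r\n".encode())
    return b"".join(parts), f"multipart/form-data; boundary={boundary}"


def build_request(path: str, fields: Dict[str, str], filename: str, content: bytes,
                  boundary: Optional[str] = None) -> Request:
    """Authenticated POST; the Token auth scheme is assumed from DefectDojo's API v2."""
    body, ctype = encode_multipart(fields, "file", filename, content, boundary)
    return Request(
        BASE_URL.rstrip("/") + path, data=body, method="POST",
        headers={"Authorization": f"Token {API_TOKEN}", "Content-Type": ctype,
                 "Accept": "application/json"},
    )


def attach_engagement_file(engagement_id: int, title: str, filename: str,
                           content: bytes) -> Request:
    """Attach a document (e.g. a Security Reviewer SQALE PDF) to an engagement.

    Path assumed from DefectDojo: /api/v2/engagements/{id}/files/
    """
    return build_request(f"/api/v2/engagements/{engagement_id}/files/",
                         {"title": title}, filename, content)


def import_scan(engagement_id: int, scan_type: str, filename: str, content: bytes,
                minimum_severity: str = "Info") -> Request:
    """Upload a scanner report for correlation into the engagement's findings.

    Path and field names assumed from DefectDojo: /api/v2/import-scan/
    """
    fields = {"engagement": str(engagement_id), "scan_type": scan_type,
              "minimum_severity": minimum_severity, "active": "true", "verified": "false"}
    return build_request("/api/v2/import-scan/", fields, filename, content)


def send(req: Request, timeout: float = 30.0) -> dict:
    """Execute the request and decode the JSON reply; urlopen raises HTTPError on 4xx/5xx."""
    with urlopen(req, timeout=timeout) as resp:
        return json.loads(resp.read().decode())


if __name__ == "__main__":
    # Constructed sample content; a real run would read the report from disk.
    csv_report = (b"Date,Title,CweId,Url,Severity,Description,Mitigation,Impact,"
                  b"References,Active,Verified,FalsePositive,Duplicate\n")
    req = import_scan(42, "Generic Findings Import", "findings.csv", csv_report)
    print(req.get_method(), req.full_url, req.get_header("Content-type"))
    # send(req)  # uncomment once BASE_URL and API_TOKEN point at a real instance
```

Keep the token in the environment or a secrets store rather than in the script, and treat a 401 or 403 from `send` as a configuration problem (wrong scheme or expired token) rather than retrying.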

Team Reviewer is based on open source software developed by Aaron Weaver (OWASP DefectDojo Project).

COPYRIGHT (C) 2014-2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.