We provide a Basic Support contract (8x5) and Gold or Premium Support contracts (24x7). Maintenance is always provided through a monthly release update. Patching (part of maintenance) covers bug fixing, with a response time of 8-48 hours for Basic Support and 3-8 hours for Premium Support (3 hours for High, 5 hours for Medium, 6 hours for Normal and 8 hours for Low priority). For further SLA details, please ask your preferred Reseller.

...

We guarantee the deployment of your Change Requests in about 48 hours, and your Feature Requests are developed within the next 30 working days. We are committed to helping our clients reach their goals, to personalizing their Security Reviewer experience, to providing an innovative environment, and to making a difference. Once you are a Customer of ours, feel free to ask for what you need and you will get it for free! Your enhancement request will be inserted in the product roadmap and delivered to you soon!

The best way to submit an enhancement request for your Security Reviewer product is to go to https://www.securityreviewer.net/support. Select the product you are interested in and the related section. Otherwise you can send your request via email to info@securityreviewer.com

The benefit of posting your suggestion on the Support site is that you “own” it. You will be notified by email of all replies and you will be the “thought leader” for the idea. Other users can see that the enhancement request is your idea, and you can lead the conversation in a way that will make your request compelling to Security Reviewer. Other users can “vote” on your idea and you can “campaign” for votes for your idea. Other users may also suggest a workaround or another way that you can accomplish your objective.

Security Reviewer’s Product Management reviews the submitted requests regularly, and you should see a reply within two or three days.

For all the reasons above, the Support site is the most productive and informative place to open an enhancement request and to socialize it with other users.

We confirm that no additional costs are charged for newly available features during the term of your support contract. New features may include:

  • New supported OS

  • New supported languages

  • Enhanced product features

...

Q. How Security Rules are maintained up-to-date?

See Our Independent Advisors Network

Q. For each Security Vulnerability, which details are provided?

When a Security Vulnerability is detected, a number of detailed Attributes are provided.

See this video: VIdeo SR AT1-AT15 2020-09-09 at 08.12.22.mp4

Legend:

Attribute | Field | Description
AT1 | Vuln ID | Vulnerability Unique Identifier
AT2 | Component | Component Name and Version
AT3 | File | Vulnerable file pathname, Class and Method (Program and Perform in COBOL)
AT4 | Line of code | Vulnerable Line inside the File
AT5 | Description | Vulnerability Description (includes links to external documentation and known attack vectors)
AT6 | Category | Vulnerability Category
AT7 | Standard | Compliance/Best Practice International Standard (OWASP, CWE, CVE, WASC, PCI-DSS)
AT8 | Rule | Unique Identifier and Description of the violated Rule
AT9 | CVSS | Common Vulnerability Scoring System (CVSS v3.1) score
AT10 | Severity | Blocker (Very High), Critical (High), Major (Medium), Minor (Low), Info (Very Low)
AT11 | Code Snippet | Source code lines surrounding the vulnerable one
AT12 | Status | ‘Confirmed’ means True Vulnerable, ‘Not An Issue’ means False Positive. Other values such as ‘Not Exploitable’ are available, in compliance with international standards
AT13 | Remediation Tip | Short suggestion for fixing the vulnerability
AT14 | Application | Analyzed Application Name
AT15 | Version | Analyzed Application Version
AT16 | Responsible | Team responsible for remediation
 | Outsourcer | Outsourcer contributing to remediation
AT17 | Priority | Number ranging from 1 (Urgent) to 5 (Cosmetic) representing the vulnerability fixing Priority

Q. Can Static Analysis provide per-component results?

Before executing the Static Analysis, source code may be grouped into Components via the Component Builder feature. Results can then be associated with a Component, Outsourcer and/or Development Team, as well as with the related Application Portfolio ID and Project Initiative.

Q. When Analysis ends, is there a notification service?

When an Analysis finishes, an e-mail can be sent to a single target address and/or a mail group using your own SMTP server. Notifications can also be sent to Slack, Microsoft Teams or any platform with WebHook support. See Ecosystem for further details.

Q. Which Analysis results output formats are supported?

Results are exported in customizable PDF, Word, Excel, HTML, CSV, JSON and XML formats. Reports can be customized with an ISO 9001 cover page, your logo, Classification and your Responsibility Chain.

Q. May I suppress a vulnerability?

Yes, you can mark a vulnerability as False Positive and add Notes and a Vulnerability Status, all associated with a specific author. This information is used in the next Analysis and included in the reports. See False Positives and False Negatives
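Consuming the exported results in a build pipeline, as an added example that is not Security Reviewer's own code: the script below reads a JSON export, drops findings whose Status marks them as false positives or not exploitable (AT12), groups the remaining ones by Component, Responsible team and Outsourcer (AT2, AT16) and fails the build on Blocker/Critical severity or Priority 1-2 (AT10, AT17). The JSON key names (vuln_id, component, severity, status, responsible, outsourcer, priority) and the four sample findings are assumptions constructed for the example; the real export schema is not documented on this page, so adapt the keys to your export.

```python
"""Added example (not Security Reviewer code): apply a CI gate to a JSON
export of Static Analysis results.

Assumption: the export is a JSON array of findings whose keys follow the
attribute table on this page (vuln_id, component, file, line, cvss,
severity, status, responsible, outsourcer, priority). The real schema is not
documented here; adapt the key names to your export.
"""
import json
from collections import Counter, defaultdict

# Severity scale from AT10, highest first.
SEVERITY_ORDER = ["Blocker", "Critical", "Major", "Minor", "Info"]

# AT12: 'Not An Issue' is a false positive. 'Not Exploitable' is also kept
# out of the gate here (policy choice), but still present in the export.
EXCLUDED_STATUSES = {"Not An Issue", "Not Exploitable"}

# Constructed sample export (not real scan output).
SAMPLE_EXPORT = json.dumps([
    {"vuln_id": "V-0001", "component": "auth-service 2.3.1", "file": "src/Login.java",
     "line": 88, "cvss": 9.8, "severity": "Blocker", "status": "Confirmed",
     "responsible": "Team A", "outsourcer": "Acme Dev", "priority": 1},
    {"vuln_id": "V-0002", "component": "auth-service 2.3.1", "file": "src/Util.java",
     "line": 12, "cvss": 5.3, "severity": "Major", "status": "Not An Issue",
     "responsible": "Team A", "outsourcer": "Acme Dev", "priority": 3},
    {"vuln_id": "V-0003", "component": "report-gen 1.0.0", "file": "lib/render.py",
     "line": 201, "cvss": 7.5, "severity": "Critical", "status": "Not Exploitable",
     "responsible": "Team B", "outsourcer": "", "priority": 2},
    {"vuln_id": "V-0004", "component": "report-gen 1.0.0", "file": "lib/tpl.py",
     "line": 40, "cvss": 3.1, "severity": "Minor", "status": "Confirmed",
     "responsible": "Team B", "outsourcer": "", "priority": 4},
])


def load_findings(export_json):
    """Parse the JSON export into a list of finding dicts."""
    return json.loads(export_json)


def actionable(findings):
    """Drop findings suppressed via Status (false positives, not exploitable)."""
    return [f for f in findings if f["status"] not in EXCLUDED_STATUSES]


def severity_counts(findings):
    """Count findings per AT10 severity level, in scale order."""
    counts = Counter(f["severity"] for f in findings)
    return {s: counts.get(s, 0) for s in SEVERITY_ORDER}


def by_owner(findings):
    """Group vuln IDs by (Component, Responsible team, Outsourcer) - AT2/AT16."""
    groups = defaultdict(list)
    for f in findings:
        key = (f["component"], f["responsible"], f.get("outsourcer") or "-")
        groups[key].append(f["vuln_id"])
    return dict(groups)


def gate(findings, fail_on=("Blocker", "Critical"), max_priority=2):
    """Return (passed, offending_ids). The build fails on any actionable
    finding that is high severity OR has fixing Priority <= max_priority
    (AT17: 1 = Urgent). Thresholds are a policy choice, not a product default."""
    offending = [
        f["vuln_id"] for f in actionable(findings)
        if f["severity"] in fail_on or f["priority"] <= max_priority
    ]
    return (len(offending) == 0, offending)


def summary_line(findings):
    """One-line verdict suitable for an e-mail, Slack, Teams or webhook body."""
    act = actionable(findings)
    passed, offending = gate(findings)
    counts = severity_counts(act)
    verdict = "PASS" if passed else "FAIL"
    parts = ", ".join(f"{s}={n}" for s, n in counts.items() if n)
    return f"[{verdict}] {len(act)} actionable finding(s): {parts}; blocking: {offending or 'none'}"


if __name__ == "__main__":
    findings = load_findings(SAMPLE_EXPORT)
    print(summary_line(findings))
    for (comp, team, outs), ids in by_owner(actionable(findings)).items():
        print(f"{comp} / {team} / {outs}: {ids}")
```

The grouping mirrors the per-Component and per-Outsourcer views described above, and the summary string is shaped for the notification channels listed in the next answer; swap `print` for your CI system's failure mechanism (a non-zero exit) when `gate` returns `False`.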

Q. In Static Analysis, may I create custom Security Rules?

You can exclude some of the available Security Rules from the Static Analysis, or you can create new Security Rules using the Cigital Secure Assist standard. Those rules can be associated with a specific analysis or with a single Application or Group of applications.

Q. Which Development IDEs are supported?

Currently, plugins are available for Eclipse, NetBeans, Visual Studio, Visual Studio Code, IBM Rational Team Concert, Rational Software Architect, Rational RAD Studio, JetBrains IntelliJ IDEA, RubyMine, WebStorm, PhpStorm, PyCharm, AppCode and Android Studio. See IDE Plugins

...

When a product is purchased, the following manuals are provided for it: Solution Overview, Installation Manual (includes Troubleshooting), User’s Manual (includes Release Update and Patching procedures as well as the OWASP Dependency Track user’s guide), IDE plugin manual, REST API interface manual, SonarQube Plugin manual, ThreadFix Integration manual and CLI Interface manual. These manuals are updated together whenever a new Release is made available.

...

Virtualization does not affect the CI plugin configuration and there are no additional costs. Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. In any case, our solutions have been tested on VMware vSphere/ESXi, Oracle VirtualBox, Microsoft Hypervisor, Red Hat Enterprise Virtualization and KVM virtual machines.

...

Your Library/Framework can be clean today but vulnerable tomorrow. For continuous monitoring, we provide a Maven Plugin for Sonatype Nexus Repository and JFrog Artifactory. The Maven plugin can be executed inside your CI Platform as a build task and, in addition to a repository, a folder on a Network File System can be periodically analyzed using the same plugin.

...

Firmware Reviewer emulates a device using our own enhanced version of QEMU. For complex firmware it can execute a Partial emulation (bootloader and init system) and install a /wiki/spaces/KC/pages/1455980582 in the firmware bootloader, in order to handle encrypted firmware and gain access to login credentials. This increases the comprehensiveness and accuracy of the Dynamic Analysis.

...

You can execute a Firmware analysis of the new version and use Firmware Reviewer’s Compare feature to discover new or fixed vulnerabilities between the two versions.

Q. I discovered that some users used for service startup have an Empty or Default Password. Firmware Reviewer reports them as vulnerable users. How can I test whether those users are exploitable?

Using our /wiki/spaces/KC/pages/1455980582, the users with empty or default passwords are automatically monitored by Firmware Reviewer. At Emulation runtime, when a service is accessed using the real credentials, the /wiki/spaces/KC/pages/1455980582 tracks it and tries to use those real credentials to log in. Firmware Reviewer never accesses physical devices; it only emulates them.
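A complementary static check, added here as an example and not part of Firmware Reviewer: before (or without) emulation, the extracted root filesystem can be scanned for the same class of accounts by parsing /etc/passwd and /etc/shadow, separating empty password fields from locked ones (`!`, `*`) and matching hash fields against a list of known vendor default hashes. The sample files, the `KNOWN_DEFAULT_HASHES` table and the no-login shell list are constructed for the example; populate the table from your own vendor documentation. Whether such an account is actually exploitable still depends on a reachable service accepting it, which is what the emulation step described above tests.

```python
"""Added example (not Firmware Reviewer code): find accounts with empty or
known-default passwords in an extracted firmware root filesystem.

Assumptions: /etc/passwd has the classic 7 colon-separated fields and
/etc/shadow the classic 9; KNOWN_DEFAULT_HASHES is a constructed placeholder
for hashes taken from vendor documentation or previous analyses.
"""

# Constructed sample files (not from a real device).
PASSWD = """\
root:x:0:0:root:/root:/bin/sh
admin:x:1000:1000::/home/admin:/bin/sh
daemon:x:2:2::/:/usr/sbin/nologin
telnetd::1001:1001::/:/bin/sh
support:x:1002:1002::/:/bin/sh
"""

SHADOW = """\
root::0:0:99999:7:::
admin:$1$abcdefgh$constructedDefaultHash:0:0:99999:7:::
daemon:*:0:0:99999:7:::
support:!:0:0:99999:7:::
"""

# Constructed: hash field -> the cleartext default it corresponds to.
KNOWN_DEFAULT_HASHES = {"$1$abcdefgh$constructedDefaultHash": "admin"}

# Shells that prevent interactive login (assumption: extend per firmware).
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


def parse_colon_file(text, nfields):
    """Return {username: fields} for well-formed lines; skip comments/garbage."""
    rows = {}
    for ln in text.splitlines():
        if not ln.strip() or ln.startswith("#"):
            continue
        parts = ln.split(":")
        if len(parts) < nfields:
            continue  # malformed line: ignore rather than crash on odd images
        rows[parts[0]] = parts
    return rows


def classify_password(field):
    """Map a passwd/shadow password field to empty | locked | default | hashed."""
    if field == "":
        return "empty"
    if field == "*" or field.startswith("!"):
        return "locked"  # '!' / '!!' / '!<hash>' disable password login
    if field in KNOWN_DEFAULT_HASHES:
        return "default"
    return "hashed"


def weak_accounts(passwd_text, shadow_text):
    """List accounts whose password is empty or a known default, with the
    shell so the reviewer can see whether an interactive login is possible."""
    passwd = parse_colon_file(passwd_text, 7)
    shadow = parse_colon_file(shadow_text, 9)
    findings = []
    for user, p in passwd.items():
        pw_field = p[1]
        if pw_field == "x":  # password lives in shadow
            if user not in shadow:
                continue  # 'x' with no shadow entry: no usable password
            pw_field = shadow[user][1]
        kind = classify_password(pw_field)
        if kind not in ("empty", "default"):
            continue
        shell = p[6]
        findings.append({
            "user": user,
            "uid": int(p[2]),
            "kind": kind,
            "shell": shell,
            "login_capable": shell not in NOLOGIN_SHELLS,
            "default_password": KNOWN_DEFAULT_HASHES.get(pw_field),
        })
    return findings


if __name__ == "__main__":
    for f in weak_accounts(PASSWD, SHADOW):
        print(f)
```

Note that an empty field directly in /etc/passwd (the `telnetd` line) is as dangerous as an empty shadow entry, and that a root account with an empty hash and `/bin/sh` is exactly the case the emulation-time credential tracking above would try against a login service.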

...

Malware is detected using an embedded version of Metasploit against our own collection of rules, as well as through Dynamic Analysis of ELF files, which records:

  1. Starting and Termination: Time Stamps and Elapsed Time.

  2. Process Information: clone, execve, exit, etc.

  3. File I/O: open, read, write and delete etc.

  4. Network: TCP, UDP, HTTP and HTTPS etc.

  5. Typical Malicious Actions: self deletion, modification and lock.

  6. API Information: getpid, system, dup and other libc functions.

  7. syscall sequences.

Further, our Dynamic Analysis finds Backdoors based on: suspicious open TCP ports, suspicious connections to external IPs and URIs, presence of non-standard services and suspicious executables.
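To make the indicators in the list above concrete, here is an added example (not Firmware Reviewer's engine) that walks an strace-style syscall trace captured from an emulated ELF and flags the same signals: execution from a temporary or hidden path, a listener bound to a non-standard port, a connection to an address outside the device's own networks, and self-deletion of the running binary, while also reconstructing the per-process syscall sequence. The trace lines, the expected-port allow-list and the internal-network list are constructed assumptions; 203.0.113.7 is a documentation address standing in for an external endpoint.

```python
"""Added example (not Firmware Reviewer code): score an strace-style trace of
an emulated ELF for the backdoor indicators listed on this page.

Assumptions: lines look like 'PID syscall(args) = ret' (strace -f output);
EXPECTED_LISTEN_PORTS and INTERNAL_NETS are per-device tuning knobs.
"""
import ipaddress
import re

# Constructed trace (not a real capture). 203.0.113.7 is TEST-NET-3 and is
# used here as a stand-in for an external command-and-control address.
TRACE = """\
1234 execve("/tmp/.x/httpd", ["httpd"], 0x7ffd) = 0
1234 socket(AF_INET, SOCK_STREAM, IPPROTO_IP) = 3
1234 bind(3, {sa_family=AF_INET, sin_port=htons(31337), sin_addr=inet_addr("0.0.0.0")}, 16) = 0
1234 listen(3, 5) = 0
1234 clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|SIGCHLD) = 1235
1235 connect(4, {sa_family=AF_INET, sin_port=htons(4444), sin_addr=inet_addr("203.0.113.7")}, 16) = 0
1235 connect(5, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.168.1.1")}, 16) = 0
1234 unlink("/tmp/.x/httpd") = 0
1234 exit_group(0) = ?
"""

LINE_RE = re.compile(r'^(\d+)\s+(\w+)\((.*)\)\s*=\s*(.*)$')
PORT_RE = re.compile(r'sin_port=htons\((\d+)\)')
ADDR_RE = re.compile(r'inet_addr\("([\d.]+)"\)')
PATH_RE = re.compile(r'^"([^"]*)"')

# Ports this device is documented to listen on (assumption: tune per firmware).
EXPECTED_LISTEN_PORTS = {22, 23, 53, 80, 443, 8080}
# Paths a legitimate service binary should not execute from.
SUSPICIOUS_DIRS = ("/tmp/", "/dev/shm/", "/var/tmp/")
# Address space considered "inside" the device's deployment. Deliberately not
# ipaddress.is_private, which also treats the documentation ranges as private.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "0.0.0.0/32")]


def parse_trace(text):
    """Turn trace lines into event dicts; non-matching lines are ignored."""
    events = []
    for ln in text.splitlines():
        m = LINE_RE.match(ln)
        if m:
            events.append({"pid": int(m[1]), "syscall": m[2], "args": m[3], "ret": m[4]})
    return events


def is_external(ip):
    """True when the address is outside every INTERNAL_NETS range."""
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def analyze(events):
    """Return (indicator, detail) tuples for the listed backdoor signals."""
    findings = []
    exec_paths = {}  # pid -> binary path seen in execve
    for e in events:
        sc, args = e["syscall"], e["args"]
        if sc == "execve":
            path = PATH_RE.match(args)[1]
            exec_paths[e["pid"]] = path
            if path.startswith(SUSPICIOUS_DIRS) or "/." in path:
                findings.append(("suspicious_executable", path))
        elif sc == "bind":
            port = int(PORT_RE.search(args)[1])
            if port not in EXPECTED_LISTEN_PORTS:
                findings.append(("suspicious_open_port", port))
        elif sc == "connect":
            port = int(PORT_RE.search(args)[1])
            ip = ADDR_RE.search(args)[1]
            if is_external(ip):
                findings.append(("external_connection", f"{ip}:{port}"))
        elif sc == "unlink":
            path = PATH_RE.match(args)[1]
            if path in exec_paths.values():
                findings.append(("self_deletion", path))  # "Typical Malicious Actions"
    return findings


def syscall_sequence(events, pid):
    """Ordered syscall names for one process (item 7 in the list above)."""
    return [e["syscall"] for e in events if e["pid"] == pid]


if __name__ == "__main__":
    evs = parse_trace(TRACE)
    for indicator, detail in analyze(evs):
        print(f"{indicator}: {detail}")
    print("pid 1234 sequence:", " -> ".join(syscall_sequence(evs, 1234)))
```

The same structure extends to the other items in the list (file I/O counters, libc API calls via `ltrace`-style lines, timestamps from `strace -tt`); what matters for triage is correlating the execve path with the later unlink, since a binary deleting itself after opening a listener is the combination that distinguishes a backdoor from a noisy but legitimate daemon.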

...