Cloud Reviewer SaaS is an all-in-one, cloud-native application security suite: multi-tenant, fully managed and provisioned as a service. It puts analysis of third-party libraries and open source components (SCA), static source code analysis (SAST) and dynamic endpoint analysis (DAST) at your fingertips, with complete management of vulnerabilities found, false positives, results, reports, data export, multi-format results (PDF, Word, Excel, CSV, JSON, XML, SARIF) and fully ISO 9001-compliant custom reports. Mobile binary analysis (MAST) and Firmware Analysis are also available in the Enterprise version.
...
You can drill down to Finding details:
...
A Custom Reporting feature is available.
DAST
With the Dynamic Reviewer DAST LightSafe-PenTest module, you can inspect your web application in Blackbox mode while it is running, with no need to back up your data. Whitebox mode is also available. Dynamic Reviewer detects vulnerabilities and shows the exploits, but doesn’t apply them. It also detects client-side vulnerabilities.
...
Each Finding can be explored in detail:
...
A Custom Reporting feature is available.
...
You can drill down to details:
...
A Custom Reporting feature is available.
Vulnerability Management
Our SaaS provides a complete Vulnerability Management platform, based on the online version of our Team Reviewer product.
...
Team Reviewer provides a unified interface for accessing all our tools, and effective vulnerability discovery, management and tracking, by continuously identifying threats, monitoring changes in your network, discovering and mapping all your devices and software, and reviewing configuration details for each asset.
...
Pay-per-Scan. A small activation fee, plus a best-price fee for each SAST, DAST or SCA scan. Suitable for small organizations. 1 User. No LOC limits. Each customer has its own private space. Standard Support.
Professional: Pay-per-User. Starting package of 5 Users, 1 year subscription, unlimited SAST, DAST, SCA scans, unlimited Apps-Products, unlimited LOC. For each customer a separate Server is provided. Standard Support. With an additional fee you can add Gold Support to the subscription.
Developer. Professional (Pay-per-User) + IDE and DevOps integration. Access to our SaaS directly from your preferred IDE and your preferred CI/CD Platform.
Enterprise. Unlimited Users. 1 year subscription, Unlimited SAST, DAST, SCA scans, Unlimited Apps-Products, Unlimited LOC, Unlimited Repositories. Additionally you can add Mobile Reviewer and /wiki/spaces/KC/pages/131110 in SaaS mode. Standard and Gold Support.
For detailed information about Support, please refer to: https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/2442100737/Support+Maintenance
...
Standard: You submit your zipped source code via TLS 1.3. During upload, it will be AES-256 encrypted. After scan completion, you can drill down to your Findings as well as the affected source code. You can also pull the code from a Git repository. It will be cloned into AES-256 encrypted storage.
Enhanced: The source code will be pre-processed using an auto-downloadable Desktop App (Static Reviewer Local Analyzer) and converted into our proprietary, irreversible Dynamic Syntax Tree format (reverse-engineering is not possible); the resulting Dynamic Syntax Tree will be encrypted with AES-256 and transmitted via TLS 1.3. Reports and Findings will show only a few lines around the vulnerable code (the number of lines is configurable). Your source code never leaves your PC.
...
In collaboration with 5M Informatica, Cloud Reviewer is under Qualification with the Italian National Cybersecurity Authority (ACN) as a SaaS service of QC1 level. The Qualification simplifies, regulates and makes more secure the acquisition of cloud services by Public Administrations, in line with the indications of the National Cybersecurity Strategy. It guarantees adequate levels of security for Public Administration’s services and data, progressively increasing the quality and reliability of cloud service providers. The path enables a migration to the cloud, consistent with the classification of data and services and ACN's security and qualification requirements, helping to progressively reduce cyber-attacks.
The cloudreviewer.it service is reserved for Italian Government Institutions, with the same high-quality services described above, but in a different Data Center infrastructure, located in Bergamo (Greater Milan Area), handled by Aruba Networks IaaS Provider, official ACN Cloud Infrastructure provider (IN-56).
...
The Global Cloud Data Center is the largest data center campus in Italy, with a surface area of 200,000 m² in Ponte San Pietro (BG), just a few minutes from Milan. All facilities have been designed and built to meet or exceed the highest levels of resilience, in accordance with ANSI/TIA-942 Rating 4 requirements and the ISO 22237 standard, the international benchmark standard for the entire life cycle of a data center, from strategic conception to building and operation. At the IT3 Data Center, traffic can be exchanged with all the operators on the Milan Internet eXchange in Milan, thanks to the MIX Point of Presence.
It is composed of:
...
Dedicated Servers only
Servers Hardware Brand: HP
Rating 4 (former Tier 4) ANSI/TIA 942-B-2017
Maximum logical and physical security with armed surveillance 24/7 and 7 levels of access
Anti-seismic and hydrogeological risk-proof
Up to 60MW of power
Self-produced hydroelectric and photovoltaic energy
Double multi-modular power center with UPS boasting 2N + 1 redundancy
Made-to-measure power of up to 40kW per rack
Redundant emergency generators with 48-hour full-load autonomy without refuelling
Data hall made entirely of firewalls and ceiling with double insulation
Carrier neutral data center with optional managed connectivity
Made-to-measure colocation solutions: from rack units to a dedicated data center
Storage and office space available to customers
...
They are located in New York, Seattle and St. Louis, with best connectivity for both the East and the West Coast
Fastest route is always selected automatically
Completely redundant layout: Upon loss of one carrier, the system rapidly switches to another backbone
Availability is permanently maintained
Space: 14,000 sq ft
Capacity: 2MW generator, UPS-protected
Cooling: 17x 30 ton CRACs = 510 tons total cooling capacity, redundant cooling loop
Audited in accordance with SOC2 (Security Operation Center)
Cogent: 6x 10Gbit (+ further 10x 10Gbit available), TeliaSonera: 6x 10Gbit
Asian Data Centers
cloudreviewer.biz is provided to Eastern Countries, for Enterprises and Institutions seeking a high-quality SaaS service for SAST, SCA, DAST and Vulnerability Management, as described above.
...