Cloud Reviewer SaaS is an all-in-one, cloud-native application security platform: multi-tenant, fully managed and provisioned as a service. It analyzes third-party libraries and open source components (SCA), source code (static analysis, SAST) and endpoints (dynamic analysis, DAST), with complete management of the vulnerabilities found and of false positives, multi-format results (PDF, Word, Excel, CSV, JSON, XML, SARIF) and fully ISO 9001-compliant custom reports. Mobile binary analysis (MAST) and Firmware Analysis are also available in the Enterprise version.

...

Main Topics

Application Security Posture Management

According to Gartner, ASPM analyzes security signals across software development, deployment, and operation to improve visibility, better manage vulnerabilities, and enforce security controls. As a result, security leaders can improve application security efficacy and better manage risk.

Our SaaS provides a complete Application Security Posture Management (ASPM) platform, based on the online version of our Team Reviewer product, offered as SaaS under the name Cloud Reviewer.

...

Cloud Reviewer provides a unified interface for accessing all our tools, with effective vulnerability discovery, management and tracking. It continuously identifies threats, monitors changes in your applications, integrates fully with your DevOps, discovers and maps all your software changes, and reviews configuration details for each asset.

See Cloud Reviewer-Team Reviewer Integration Checklist.

Give your developers, security engineers, team leads and managers access to what they need.

Show each user profile its own isolated data, so that everyone is kept updated.

Use our CLI to bring security operations closer to development and DevOps teams and prevent overloading your security teams.

Benefits of ASPM include:

  • Real-time visibility into an organization’s application landscape to find vulnerabilities, misconfigurations, and other threats more readily.

  • Prioritizing security risk through detailed contextual information extracted from previously siloed security tools. Teams can then respond to incidents more quickly than by manually inspecting the alerts generated by each solution.

  • Enhanced remediation: with greater context and root-cause insights, teams can readily locate and triage security issues across platforms.

  • Improved productivity by automating workflows and security assessments that yield actionable insights, allowing more time spent on core tasks and goals.

  • Cost and reputational savings from finding and fixing security issues before they result in breaches.

SAST

Scans uncompiled code and doesn’t require complete builds. Sets the new standard for instilling security into modern development.

An application can be written in several programming languages.

Cloud Reviewer recognizes all the programming languages that make up the analyzed app, as well as the Dominant Language (i.e. the language with the highest LOC).

...

A Custom reporting feature is available.

Vulnerability Management

...

SaaS

...

Team Reviewer provides a unified interface for accessing all our tools, with effective vulnerability discovery, management and tracking. It continuously identifies threats, monitors changes in your network, discovers and maps all your devices and software, and reviews configuration details for each asset.

See Team Reviewer’s Integration Checklist.

SaaS Plans

  • Pay-per-Scan. A small activation fee, then a best-price fee for each SAST, DAST or SCA scan. Suitable for small organizations. 1 User. No LOC limits. Each customer has its own private space. Standard Support.

  • Professional: Pay-per-User. Starting package of 5 Users, 1 year subscription, unlimited SAST, DAST, SCA scans, unlimited Apps-Products, unlimited LOC. For each customer a separate Server is provided. Standard Support. With an additional fee you can add Gold Support to the subscription.

  • Developer. Professional (Pay-per-User) + IDE and DevOps integration. Access to our SaaS directly from your preferred IDE and your preferred CI/CD Platform.

  • Enterprise. Unlimited Users. Yearly subscription, Unlimited SAST, DAST, SCA scans, Unlimited Apps-Products, Unlimited LOC, Unlimited Repositories. Additionally, you can add Mobile Reviewer and /wiki/spaces/KC/pages/131110 in SaaS mode (available for EU market only). Standard and Gold Support.

For detailed information about Support, please refer to:  https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/2442100737/Support+Maintenance

DevOps integration

You can integrate Cloud Reviewer in your DevOps, using the Remote Scan, IDE Integration and GitHub Integration features.

...

Italian Global Cloud Data Center (IT3) - DC-A

In collaboration with 5M Informatica, Cloud Reviewer is undergoing qualification as an official Cloud Service of QC1 level by the Italian National Cybersecurity Authority (ACN). The Qualification simplifies, regulates and makes more secure the acquisition of cloud services by Public Administrations, in line with the indications of the National Cybersecurity Strategy. It guarantees adequate levels of security for Public Administration’s services and data, progressively increasing the quality and reliability of cloud service providers. The path enables a migration to the cloud that is consistent with the classification of data and services and with ACN's security and qualification requirements, helping to progressively reduce cyber-attacks.

The cloudreviewer.it service is reserved for Italian Government Institutions. It offers the same high-quality services described above, but in a different Data Center infrastructure, hosted in Bergamo (Greater Milan Area) and handled by Aruba Networks IaaS Provider, an official ACN Cloud Infrastructure provider (IN-56). It guarantees adequate levels of security for Public Administration’s services and data, progressively increasing the quality and reliability of cloud service providers.

...

The Global Cloud Data Center is the largest data center campus in Italy, with a surface area of 200,000 m² in Ponte San Pietro (BG), just a few minutes from Milan. All facilities have been designed and built to meet or exceed the highest levels of resilience, in accordance with ANSI/TIA-942 Rating 4 requirements and the ISO 22237 standard, the international benchmark standard for the entire life cycle of a data center, from strategic conception to building and operation. At the IT3 Data Center, traffic can be exchanged with all the operators on the Milan Internet eXchange, thanks to the MIX Point of Presence.

...

  • They are located in New York, Seattle and St. Louis, with best connectivity for both the East and the West Coast

  • Fastest route is always selected automatically

  • Completely redundant layout: Upon loss of one carrier, the system rapidly switches to another backbone

  • Availability is permanently maintained

  • Space: 14,000 sq ft

  • Capacity: 2MW generator, UPS-protected

  • Cooling: 17x 30 ton CRACs = 510 tons total cooling capacity, redundant cooling loop

  • Audited in accordance with SOC2 (Security Operation Center)

  • Cogent: 6x 10Gbit (+ further 10x 10Gbit available), TeliaSonera: 6x 10Gbit

Asian Data Centers

cloudreviewer.biz is provided to Eastern Countries, for Enterprises and Institutions seeking a high-quality SaaS service for SAST, SCA, DAST and Vulnerability Management, as described above.

...