...

All Security Reviewer software is implemented in compliance with secure coding standards such as OWASP, WASC and CWE. Each new version is statically analyzed using Security Reviewer Static Analysis as well as open source and commercial tools such as Micro Focus Fortify.

...

Q. Which Programming Languages are supported?

See Languages

Q. Do Security Reviewer products support virtualization?

Many virtualization platforms are supported, in different ways depending on the Edition (see the Code Inspection FAQ below):

  • Virtual Desktop Edition is delivered as SaaS through an online VDI platform, which runs on a VM

  • Server Edition can run its WCF Service in a VM

  • REST API Edition is delivered as SaaS running on a VM

  • Developer Edition can run scan tasks remotely in a VM

Desktop Edition cannot run on a local VM.

...

Our CI plugins rely on the Jenkins and Bamboo infrastructure to run and do not require additional resources.

...

Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. If you need to increase the number of users, clients or servers, you must scale your own infrastructure; this does not affect the CI plugin configuration and there are no additional costs.

...

Virtualization does not affect the CI plugin configuration and there are no additional costs. Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. Our solutions have also been tested on VMware vSphere/ESXi, Oracle VirtualBox, Microsoft Hyper-V, Red Hat Enterprise Virtualization and KVM virtual machines.

Q. Which Operating Systems are supported?

Please refer to the Infrastructure page for further information.

Q. Which Cloud DevOps Platforms are supported?

Please refer to the Infrastructure page for further information.

...

Our CI plugins support logging. See the available logging options.

Q. Can it run in a Docker image?

Our CI plugins rely on your CI platform infrastructure. They have been tested with Docker, Kubernetes, OpenShift and a number of APPC-compliant container platforms. No special Dockerfile is needed.

...

Yes. We support Jenkins and Bamboo pipelines natively. For other CI platforms, our CLI interface is multi-threaded and pipeline-ready by design. See Infrastructure for a list of tested CI platforms.

...

Our CI plugins rely on your CI platform infrastructure. It is up to you to install separate CI environments at your site; there are no additional costs.

...

Firmware Reviewer executes both Static and Dynamic Analysis. After extracting the bootloader and file system from the image, the Static Analysis consists of executing a Task List, which includes checking the OS, system libraries, 3rd-party libraries, executables and scripts against CVE and exploit databases to find known vulnerabilities. Script source code is also submitted to Security Reviewer's SAST module to check for OWASP, WASC and CWE vulnerabilities. The Static Analysis also reveals visible configuration, IPs, e-mails, URIs, visible services, unwanted programs and compliance issues. Dynamic Analysis consists of device emulation and of applying attacker patterns to the firmware image. Dynamic Analysis also executes hardening compliance tests and other tests such as malware scanning, using an embedded version of Metasploit against our own collection of rules. See the malware-related question below.

...

Firmware Reviewer makes use of Security Reviewer's native SAST module to analyze source code found inside the firmware image (shell scripts, Python, PHP, Lua, JavaScript, etc.) in order to check for OWASP, WASC and CWE vulnerabilities.
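The static Task List described in the two answers above (inventory of components against a CVE database, discovery of the scripts handed to the SAST module, and extraction of visible IPs, e-mails, URIs, services and unwanted programs) can be sketched as a small script over an unpacked root filesystem. The block below is an added example, not Firmware Reviewer's own code: the root filesystem, the CVE lookup table, the version-banner patterns and the "unwanted program" policy are all constructed for illustration, and a real tool would query a live vulnerability feed and handle version ranges rather than exact matches.

```python
import re

# Constructed sample of an extracted root filesystem (path -> contents), standing
# in for the output of unpacking a firmware image. Not taken from a real device.
SAMPLE_ROOTFS = {
    "/etc/init.d/rcS": (b"#!/bin/sh\n"
                        b"telnetd -l /bin/sh &\n"
                        b"httpd -p 80 -h /www &\n"
                        b"wget http://fw-updates.example.com/latest.bin -O /tmp/fw.bin\n"),
    "/etc/network.conf": b"gateway=192.168.1.1\nntp=10.0.0.5\nsupport=support@example.com\n",
    "/usr/lib/libssl.so.1.0.1e": b"\x7fELF\x01\x01\x01" + b"\x00" * 8 + b"OpenSSL 1.0.1e 11 Feb 2013\x00",
    "/bin/busybox": b"\x7fELF\x01\x01\x01" + b"\x00" * 8 + b"BusyBox v1.20.2 (2013-01-01)\x00",
    "/www/cgi-bin/diag.py": b"#!/usr/bin/python\nimport cgi, os\n"
                            b"os.system('ping -c1 ' + cgi.FieldStorage()['host'].value)\n",
    "/www/index.lua": b"-- status page\nprint('ok')\n",
}

# Constructed lookup table standing in for a CVE database. The single entry is a
# real advisory (Heartbleed, CVE-2014-0160, affects OpenSSL 1.0.1 through 1.0.1f);
# a real scanner would query a live feed and handle version ranges.
SAMPLE_CVE_DB = {("openssl", "1.0.1e"): ["CVE-2014-0160"]}

# Version banners that survive in stripped binaries, one pattern per component.
VERSION_BANNERS = {
    "openssl": re.compile(rb"OpenSSL (\d+\.\d+\.\d+[a-z]?)"),
    "busybox": re.compile(rb"BusyBox v(\d+\.\d+\.\d+)"),
}
SHEBANG_LANG = {b"sh": "shell", b"bash": "shell", b"python": "python",
                b"php": "php", b"lua": "lua", b"node": "javascript"}
EXT_LANG = {".sh": "shell", ".py": "python", ".php": "php", ".lua": "lua", ".js": "javascript"}
IPV4 = re.compile(rb"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL = re.compile(rb"[\w.+-]+@[\w-]+\.[\w.-]+")
URI = re.compile(rb"\b[a-z][a-z0-9+.-]*://[^\s'\"<>]+")
# Daemons an init script may start; telnetd is "unwanted" under a constructed policy.
SERVICE_DAEMONS = {"telnetd", "httpd", "dropbear", "sshd", "ftpd", "upnpd"}
UNWANTED_PROGRAMS = {"telnetd"}


def classify_scripts(rootfs):
    """Map each script to its language so it can be handed to a SAST module."""
    found = {}
    for path, data in rootfs.items():
        lang = None
        if data.startswith(b"#!"):
            tokens = data.split(b"\n", 1)[0][2:].split()
            if tokens:
                interp = tokens[0].split(b"/")[-1]
                if interp == b"env" and len(tokens) > 1:   # "#!/usr/bin/env python3"
                    interp = tokens[1]
                lang = SHEBANG_LANG.get(interp.rstrip(b"0123456789."))
        if lang is None:
            lang = next((l for ext, l in EXT_LANG.items() if path.endswith(ext)), None)
        if lang:
            found[path] = lang
    return found


def inventory_components(rootfs):
    """Recover component versions from banners embedded in binaries."""
    comps = {}
    for data in rootfs.values():
        for name, pat in VERSION_BANNERS.items():
            m = pat.search(data)
            if m:
                comps[name] = m.group(1).decode()
    return comps


def match_known_vulns(components, cve_db):
    """Exact (component, version) lookup against the CVE table."""
    return {f"{n} {v}": list(cve_db[(n, v)]) for n, v in components.items() if (n, v) in cve_db}


def extract_indicators(rootfs):
    """Visible IPs, e-mails and URIs in non-ELF files (configs, scripts, pages)."""
    ind = {"ips": set(), "emails": set(), "uris": set()}
    for data in rootfs.values():
        if data.startswith(b"\x7fELF"):
            continue
        ind["ips"].update(m.decode() for m in IPV4.findall(data))
        ind["emails"].update(m.decode() for m in EMAIL.findall(data))
        ind["uris"].update(m.decode() for m in URI.findall(data))
    return {k: sorted(v) for k, v in ind.items()}


def visible_services(rootfs):
    """Daemons launched from init scripts, and the subset the policy forbids."""
    started = set()
    for path, data in rootfs.items():
        if path.startswith("/etc/init.d/"):
            for line in data.decode(errors="replace").splitlines():
                cmd = line.strip().split()
                if cmd and cmd[0] in SERVICE_DAEMONS:
                    started.add(cmd[0])
    return sorted(started), sorted(started & UNWANTED_PROGRAMS)


def run_task_list(rootfs, cve_db=SAMPLE_CVE_DB):
    """Run the static task list over an unpacked root filesystem and build a report."""
    comps = inventory_components(rootfs)
    services, unwanted = visible_services(rootfs)
    return {
        "components": comps,
        "known_vulns": match_known_vulns(comps, cve_db),
        "scripts_for_sast": classify_scripts(rootfs),
        "indicators": extract_indicators(rootfs),
        "visible_services": services,
        "unwanted_programs": unwanted,
    }


if __name__ == "__main__":
    import json
    print(json.dumps(run_task_list(SAMPLE_ROOTFS), indent=2))
```

On the constructed filesystem the report lists OpenSSL 1.0.1e and BusyBox 1.20.2 as components, maps the OpenSSL version to CVE-2014-0160, queues the init script, the CGI Python script and the Lua page for SAST (where the `os.system` string concatenation in `diag.py` is the kind of command-injection pattern a CWE check would flag), and reports the gateway and NTP addresses, the support e-mail, the update URL and the telnetd/httpd listeners, with telnetd singled out as unwanted.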

...