...
All Security Reviewer software is implemented in compliance with secure coding standards such as OWASP, WASC and CWE. Each new version is statically analyzed using Security Reviewer Static Analysis together with open source and commercial tools such as Micro Focus Fortify.
...
Q. Which Programming Languages are supported?
See Languages
Q. Do Security Reviewer products support virtualization?
Many virtualization platforms are supported in different ways, depending on the Edition (see the Code Inspection FAQ below):
Desktop Edition cannot run on a local VM
...
Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. They do not require additional resources.
...
Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. If you need to increase the number of users, clients or servers, you must change your own infrastructure; this does not affect the CI plugin configuration and there are no additional costs.
...
Virtualization does not affect the CI plugin configuration and there are no additional costs. Our CI plugins rely on the Jenkins and Bamboo infrastructure to run. In any case, our solutions have been tested on VMware vSphere/ESXi, Oracle VirtualBox, Microsoft Hypervisor, Red Hat Enterprise Virtualization and KVM virtual machines.
Q. Which Operating Systems are supported?
Please refer to the Infrastructure page for further information.
Q. Which Cloud DevOps Platforms are supported?
Please refer to the Infrastructure page for further information.
...
Our CI plugins support logging. See the available Logging options.
Q. Can it run in a Docker image?
Our CI plugins rely on your CI platform infrastructure. They have been tested with Docker, Kubernetes, OpenShift and with a number of APPC-compliant container platforms. No special Dockerfile is needed.
...
Yes. We support Jenkins and Bamboo pipelines natively. For other CI platforms, our CLI interface is multi-threaded and pipeline-ready by design. See Infrastructure for a list of tested CI platforms.
...
Our CI plugins rely on your CI platform infrastructure. It is up to you to install separate CI environments at your site, with no additional costs.
...
Firmware Reviewer executes both Static and Dynamic Analysis. After extracting the bootloader and file system from the image, the Static Analysis consists of executing a Task List, which includes checking the OS, system libraries, 3rd-party libraries, executables and scripts against CVE and Exploit databases to find known vulnerabilities. Script source code is also submitted to Security Reviewer's SAST module to run OWASP, WASC and CWE vulnerability checks. It also reveals visible configuration, IPs, e-mails, URIs, visible services, unwanted programs and compliance issues. Dynamic Analysis consists of device emulation and of applying attacker patterns to the firmware image. Dynamic Analysis also executes a Hardening Compliance test and other tests such as Malware Scanning, using an embedded version of Metasploit against our own collection of rules. See the Malware-related question below.
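Two of the Static Analysis steps described above, inventorying the visible configuration (IPs, e-mails, URIs) in the extracted file system and matching component version strings against a vulnerability database, can be illustrated with a small audit script. This is an added example, not Security Reviewer's own code: the directory layout, the "component vX.Y.Z" banner convention, the sample files and the advisory identifiers in VULN_DB are all constructed placeholders, and a real tool would consult the CVE/Exploit databases the answer names instead of an in-memory table.

```python
"""Audit an extracted firmware file system for hard-coded network indicators
and for components whose version string matches a known-vulnerable entry.
Example code, not Security Reviewer's own; the sample tree and VULN_DB are
constructed for this demonstration."""
import re
import tempfile
from pathlib import Path

# Patterns for the "visible" indicators the FAQ lists (IPs, e-mails, URIs).
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b")
URI_RE = re.compile(r"\b(?:https?|ftp|telnet)://[^\s\"'<>]+")
# Version banners such as "BusyBox v1.20.2" (constructed convention, not a real spec).
BANNER_RE = re.compile(r"\b(busybox|dropbear|openssl)\s+v?(\d+(?:\.\d+)+)", re.IGNORECASE)

# Constructed lookup: (component, vulnerable version prefix) -> placeholder advisory id.
VULN_DB = {
    ("busybox", "1.20."): "ADVISORY-PLACEHOLDER-001",
    ("dropbear", "2012."): "ADVISORY-PLACEHOLDER-002",
}


def scan_text(text):
    """Extract indicators and component banners from one decoded file."""
    return {
        "ips": sorted(set(IP_RE.findall(text))),
        "emails": sorted(set(EMAIL_RE.findall(text))),
        "uris": sorted(set(URI_RE.findall(text))),
        "components": sorted({(c.lower(), v) for c, v in BANNER_RE.findall(text)}),
    }


def scan_tree(root):
    """Walk every regular file under root and merge the per-file findings."""
    report = {"ips": set(), "emails": set(), "uris": set(), "components": set()}
    for path in Path(root).rglob("*"):
        if not path.is_file():
            continue
        # Stripped binaries still carry banners and URLs as printable runs,
        # so decode leniently rather than skipping non-text files.
        text = path.read_bytes().decode("utf-8", errors="ignore")
        found = scan_text(text)
        for key in report:
            report[key].update(found[key])
    return {key: sorted(values) for key, values in report.items()}


def known_vulnerabilities(components, vuln_db=VULN_DB):
    """Match (component, version) pairs against the vulnerability table by prefix."""
    hits = []
    for name, version in components:
        for (db_name, prefix), advisory in vuln_db.items():
            if name == db_name and version.startswith(prefix):
                hits.append((name, version, advisory))
    return sorted(hits)


def build_sample_tree():
    """Create a constructed mini file system standing in for an extracted image."""
    root = Path(tempfile.mkdtemp(prefix="fw_"))
    (root / "etc").mkdir()
    (root / "bin").mkdir()
    (root / "etc" / "config.ini").write_text(
        "update_server=http://192.0.2.10/fw/latest.bin\n"
        "support=support@example.com\n"
        "syslog=192.0.2.25\n"
    )
    # Fake stripped binaries: a version banner embedded among non-text bytes.
    (root / "bin" / "busybox").write_bytes(b"\x7fELF\x00\x00BusyBox v1.20.2 multi-call binary\x00\x01")
    (root / "bin" / "dropbear").write_bytes(b"\x7fELF\x00dropbear 2019.78\x00")
    return root


if __name__ == "__main__":
    sample = build_sample_tree()
    result = scan_tree(sample)
    for key, values in result.items():
        print(f"{key}: {values}")
    print("known vulnerabilities:", known_vulnerabilities(result["components"]))
```

Only the BusyBox banner matches a VULN_DB prefix; the Dropbear banner is inventoried but produces no finding, which is the distinction between "component present" and "component known vulnerable" that the Task List draws.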
...
Firmware Reviewer makes use of Security Reviewer's native SAST module to analyze source code found inside the firmware image (shell scripts, Python, PHP, Lua, JavaScript, etc.) and run OWASP, WASC and CWE vulnerability checks on it.
...