Security Reviewer Suite

Security Reviewer Suite is composed by:

On Premise & Cloud

Our products can be installed 100% On Premise or in https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/934445154/Cloud.

They can be installed in several Host types, even Virtualized, as well as inside Containers.

Each of Container Images have a Dockerfile, available on our GitHub space, with access reserved to existing customers.

Our products will be fully integrated in your DevOps environment, with the support of most used CI/CD Platforms, SCM, and ITSM solutions.

In our Multi-Tenant architecture, multiple instances of one product of ours can operate in a shared environment. This architecture is able to work because each tenant is integrated physically, but logically separated; meaning that a single instance of the software will run on one server and then serve multiple tenants. In this way, a product pf ours in a multi-tenant architecture can share a dedicated instance of configurations, data, user management and other properties.

Static Reviewer

https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/196633/Static+Reviewer+-+Code+Inspection is our SAST (Static Application Security Testing) product. Static Reviewer is not just another SAST tool. We provide a low-cost, accurate and super-fast tool, 52x Faster than average AppSec tools, based on most modern technologies (Machine Learning, new AI algorithms, our Blockchain), easily integrated to your DevOps, covering all vulnerability detection provided by our competitors (like Micro Focus Fortify™, CheckMarx™, HCL AppScan™, Veracode™, Kiuwan™, Corvallis Julia, Coverity™, SonarQube, etc.), and adding further 100+ detection rules for each of 40+ supported programming Languages

Further than the SAST product, Quality Reviewer module calculates 100+ Software Quality Metrics (McCabe, Mood, CK, Halstead, Cognitive Metrics, Composite Metrics, etc.). It is made of three modules: Software Quality Metrics, https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/426091/SQALE, Software Resilience Analisis (SRA) and Effort Estimation.

Quality Reviewer's Effort Estimation module measures and estimates the Time, Cost, Flow Complexity, Size and Maintainability of software projects as well as Development Team Productivity, starting from source code. Fully configurable CISQ© Automated Function Points (AFP) feature is provided as well as a modern software sizing algorithm called Average Programmer Profile Weights (APPW © 2009 by Logical Solutions), a successor to solid ancestor scientific methods as COCOMO, REVIC, COSMIC-FFP and Backfired Function Points, that are also provided. Applying Motorola© six-Sigma methodology, QSM and Capers Jones (SRM) algorithms, Quality Reviewer, further than providing traditional software sizing tools, produces more accurate results while being faster and simpler. By using Effort Estimation plug-in, a project manager can get insight into a software development within minutes, saving hours of browsing through the code.

Software Composition Analysis

Software Composition Analysis (SCA) identifies project dependencies on 3rd-parties’ components directly inside your preferred CI platform, via Plugin, CLI Interface or REST API. Security Reviewer – Software Composition Analysis can identify Java, C/C++, Ruby, Groovy, Perl, PHP, JavaScript, TypeScript, Python, Scala, GO, Rust, R, Kotlin, Clojure, ErLang, Shell, PowerShell, LUA and Auto-IT components along with .NET assemblies and Objective-C, SWIFT support. Once identified, SCA will automatically determine if those components have known, publicly disclosed, vulnerabilities as well as licenses-related issues.

Software Resilience Analysis

Software Resilience Analysis (SRA Reviewer) indicates programming CISQ, MITRE, CERT best practices that make software bullet-proof, more robust and secure. This Resilience index is derived through technology-specific code analysis that searches for the presence of code patterns and bad programming practices that may comprise the reliability of the software at short term. Higher is the Software Resiliency, lower is the likelihood of defects occurring in production and better the Software will react to incidents.

Dynamic Reviewer

Dynamic Reviewer provides an easy-to-use, fully-integrated Dynamic Analysis tool. It is composed by three components:  APM (Application Performance Management agent), IAST (Interactive Application Security Testing agent), and DAST (Lightweight PenTest tool). You can inspect your application during running, directly from Security Reviewer, Eclipse and Visual Studio Plugins. Its special PenTest features, allowing to explore vulnerabilities in your Web Applications at the same time to keeping the software securely in your own hands, at your premises.

Mobile Reviewer

Mobile Reviewer is built on the software-as-a-service (SaaS) model, enabling enterprises to get on-demand security assessments of their Mobile Apps. It is able to scan both Android (Android C++ SDK, Java, Kotilin) and iOS apps (Objective-C, Objective-C++ and Swift), as well as legacy Windows Mobile apps.

Team Reviewer

Team Reviewer helps solving almost every problem related to Vulnerability Management and Tracking as well as GDPR Compliance issues. It is able to run 3rd party SAST, IAST and DAST products, and to import results for a large number of tools.

It is the default Dashboard. It can collect all results from the entire Security Reviewer Suite.

From inside Team Reviewer, you can also run Static, Dynamic, Mobile, Firmware and Software Composition Analyses tasks.

Firmware Reviewer

Firmware Reviewer analyzes packed Firmware image files, Firmware archives as well as ROS containers, providing the following Compliance Reports: OWASP Top 10 IoT 2018, ENISA-Baseline Security Recommendations for IoT, NIST Security Feature Recommendations for IoT Devices, , DCMS GOV.UK - Code of Practice for consumer IoT security, ETSI TS 103 645 V1.1.1 - Cyber Security for Consumer Internet of Things, BITAG - Broadband Internet Technical Advisory Group, SB-327 Information privacy: connected devices, CVE, CWE and CVSS.

Background

Security Reviewer is an Italian startup company offering a new-concept Application Security suite based on the new Dynamic Syntax Tree algorithm, and some Patents invented in 2001 by formerly Scientific Manager, built on Machine Learning, for more fast, efficient and accurate results. Security Reviewer started its path on app security in 2001, Its founders and the Scientific Manager worked together on applying classic security methodologies (OWASP, OSSTM, CVSS notation) on Web apps and Mobile environments. Reverse Engineering experience on Windows, Linux, Mac OSx, iOS and Android apps permitted to apply a new approach on Static and Dynamic analysis of Web and Mobile business or service apps. It found in an important Italian Goverment institution the trust on developing its first Code Inspection product: Static Reviewer – Static Application Security Testing (SAST). After 24 months of presence on the market, other customers as well as our participation on some European Funding projects, stimulated for all-round security of Web and Mobile channels, so Security Reviewer improved its offering by developing a suite of tools. Security Reviewer became a container of a bunch of Innovative Solutions: 

  • Application Security (Mobile, Business apps, Web apps, Firmware) 

  • Biometrics (Fingerprint Sequences, Dynamic Facial Recognition) 

  • Artificial Intelligence (Blockchain, Machine Learning) 

Unique Vendor

Like the universe, the AppSec software marketplace is expanding rapidly. More and more vendors are entering the market, often with a growing range of solutions to create a confusing array of purchase options for corporate buyers.

As companies continue to invest in additional AppSec software systems to handle their ongoing growth, this can often mean the number of vendors they end up dealing with grows at the same time. This creates its own set of difficulties, not the least of which is the increasing amount of time it takes to manage these relationships and coordinate that internally.

Even without multiple AppSec vendors, companies may already be dealing with a significant number of suppliers, even for basic services such as telephone, internet and power. Often it becomes a full-time job for internal administration staff to keep up with the paperwork, reporting faults or requesting technical or sales support, a major cost in itself.

Because we specifically designs our products to work together, on the same platform, there are several advantages for the user including no double data entry, more cross-application features and faster processing speeds.

Security Reviewer does not rely to third-party vendors (except for some open source libraries), all our software is made by us, and is fully-integrated.

COPYRIGHT (C) 2014-2021 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.