Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 66 Next »

Cloud Reviewer Saas is an all-one Cloud-native application security suite platform, multi-tenant, fully managed and provisioned as a service. Analyses like: 3rd parties' libraries and open source (SCA), Static (SAST) and Dynamic (DAST) analyses at your hand with complete management of vulnerabilities found, False positives, results, reports, data export. Mobile binary analysis (MAST) and Firmware Analysis are also available in the Enterprise version.

Our SaaS service has two targets:

  • Italian Government Institutions

  • International Enterprises and Institutions

In collaboration with 5M Informatica, Cloud Reviewer is under Qualification as official Cloud Service to Italian National Cybersecurity Authority (ACN), as SaaS service of QC1 level. The Qualification simplifies, regulates and makes more secure the acquisition of cloud services by Public Administrations, in line with the indications of the National Cybersecurity Strategy. It guarantees adequate levels of security for Public Administration’s services and data, progressively increasing the quality and reliability of cloud service providers. The path enables a migration to the cloud, consistent with the classification of data and services and ACN's security and qualification requirements, helping to progressively reduce cyberattacks.

Main Topics

SAST

Scans uncompiled code and doesn’t require complete builds. Sets the new standard for instilling security into modern development.

An application can be made of different Programming Languages

Cloud Reviewer recognizes all programming languages that are composing the analyzed app, as well as the Dominant Language (i.e. the Language with higher LOC).

You can drill-down to Findings details:

A customizable reporting feature is available.

DAST

With Dynamic Reviewer DAST Light-PenTest module, you can inspect your web application as blackbox during running, no need to backup your data. It detects vulnerabilities, show the Exploits, but doesn’t apply them. It also detects Client-side vulnerabilities.

Each Finding can explored in details:

A customizable reporting feature is available.

SCA

SCA (Software Composition Analysis) identifies project dependencies on 3rd-party components. SCA will automatically determine if those components have known, publicly disclosed, vulnerabilities as well as licenses-related issues

You can drill down to details:

A customizable reporting feature is available.

Vulnerability Management

Ous SaaS provides a complete Vulnerability Management platform, based on our Team Reviewer product.

Team Reviewer provides a unified interface for accessing all our tools, an effective vulnerability discovery, management & tracking, by continuously identifying threats, monitoring changes in your network, discovering and mapping all your devices and software and reviewing configuration details for each asset.

See Team Reviewer’s Integration Checklist.

SaaS Plans

  • Pay-per-Scan. Small activation fee and pay a best-price fee for each SAST, DAST, SCA scan. Suitable for small organizations. 1 User. No LOC limits. Each customer has its own private space. Standard Support.

  • Professional: Pay-per-User. Starting package of 5 Users, 1 year subscription, unlimited SAST, DAST, SCA scans, unlimited Apps-Products, unlimited LOC. For each customer a separate Server is provided. Standard Support. With an additional fee you can add Gold Support to the subscription.

  • Developer. Professional (Pay-per-User) + IDE and DevOps integration. Access to our SaaS directly from your preferred IDE and your preferred CI/CD Platform.

  • Enterprise. Unlimited Users. 1 year subscription, unlimited SAST, DAST, SCA scans, unlimited Apps-Products, unlimited LOC. Additionally you can add Mobile Reviewer and /wiki/spaces/KC/pages/131110 in SaaS mode. Gold Support

For detailed information about Support, please refer to:  https://securityreviewer.atlassian.net/wiki/spaces/KC/pages/2442100737/Support+Maintenance

Advantages

Saas solution offers:

Flexibility: you can choose a Plan based on your initial needs and increase it in case of necessity.

Scalability: you don’t need to increase your IT infrastructure, we provide you all the necessary storage and performance when changes in increased workloads are required.

Accessibility: Every time from everywhere.

Availability: uptime of the application over 98%.

Reliability: 99 percent success rate in transactions completed to the database.

Cost saving: No needs of an IT infrastructure. it does not require any initial investment and allows the OPEX to be supported only on the basis of specific needs of the moment. No time/money spent in products installation/configuration/update.

Security: Assurance of maximum Security compliance based on SLA. Security Reviewer places the utmost importance on data security. We handle your data in compliance with the most important Standards and Regulations regarding Privacy and Data Protection. For more information on what data is managed, what are the rules by which we access and transfer and store your data, data encryption, SOC2 compliance, regulatory requirements, and the response to data breach or security threat, please refer to our Security and Compliance Policy.

Privacy: When Enhanced Code Security is applied, your source code never leave your infrastructure

Code Security

You have two options:

  • Standard: You submit your zipped source code via TLS 1.3. During upload, it will be AES-256 Encrypted. After scan completion, you can drill down to your Findings as well as the affected source code. You can also pull the code from a GIT Repository. It will be cloned in a AES-256 Encrypted storage.

  • Enhanced: The source code will be pre-processed using an auto-downloadable Desktop App (Static Reviewer Local Analyzer) and converted in our proprietary Dynamic Syntax Tree irreversible format (reverse-engineering not possibile); the resulting Dynamic Syntax Tree will be encrypted with AES-256 and transmitted via TLS 1.3. Reports and Findings will only show few lines around the vulnerable code (n. of lines is configurable). Your source code never leave your PC.

Datacenters SLA

ITALIAN GOVERMENT INSTITUTIONS

Italian Global Cloud Data Center (IT3) - DC-A

cloudreviewer.it service is reserved to Italian Government Istitutions, with the same high-quality services described above, but in a different Data Center infrastructure, located in Bergamo (Greater Milan Area), handled by Aruba, official ACN Cloud Infrastructure provider (IN-56).

The Global Cloud Data Center is the largest data center campus in Italy, with a surface area of 200,000m2 in Ponte San Pietro (BG), just a few minutes from Milan. All facilities have been designed and built to meet or exceed the highest levels of resilience, in accordance with ANSI/TIA-942 Rating 4 requirements and the ISO 22237 standard, the international benchmark standard for the entire life cycle of a data center, from strategic conception to building and operation. At the IT3 Data Center, traffic can be exchanged with all the operators on the Milan Internet eXchange in Milan, thanks to the MIX Point of Presence.

It is composed by:

  • Rating 4 (former Tier 4) ANSI/TIA 942-B-2017

  • Maximum logical and physical security with armed surveillance 24/7 and 7 levels of access

  • Anti-sismic and hydrogeological risk-proof

  • Up to 60MW of power

  • Self-produced hydroelectric and photovoltaic energy

  • Double multi-modular power center with UPS boasting 2N + 1 redundancy

  • Made-to- measure power of up to 40kW per rack

  • Redundant emergency generators with 48-hour full-load autonomy without refuelling

  • Data hall made entirely of firewalls and ceiling with double insulation

  • Carrier neutral data center with optional managed connectivity

  • Made-to-measure colocation solutions: from rack units to a dedicated data center

  • Storage and office space available to customers

See the Data Center datasheet with Certification and Compliance.

See the Data Center Racing Team Certifications.

INTERNATIONAL ENTERPRISES AND INSTITUTIONS

For legal documentation see: https://www.server4you.net/legal-and-documents

European DataDock in Strasbourg

cloudreviewer.net service is provided to Europe, Africa & Middle East Enterprises and Istitutions seeking for an high-quality SaaS service for SAST, SCA, DAST, MAST and Vulnerability Management, as described above.

DataDock and other 4 Data Centers in UK and Germany have been in planning since 2007 and first became operational in 2010. The primary aim was a certain energy efficiency, to reduce both environmental impact and also operating costs. With the integration of a unique well-cooling into the data center concept, energy consumption can be kept so low that it has been acclaimed the greenest data center in Europe.

  • Fully redundant MPLS ring structure with a total capacity of 550 Gbit/s

  • Backbone connects the data center on one path directly with Frankfurt, as well as on another redundant path over Paris and Brussels

  • All data is delivered to the Internet with optimal performance and accessibility

  • 66% less power consumption for the data center infrastructure, when compared to the average data center

  • 25% less overall energy consumption

  • Electrical supply: Transformers, low-voltage mains distribution, UPS components and generators each with n+1 or 2n+1 redundancies

  • Cooling: Well systems, pumps and cooling circuits each with n+1 or 2n+1 redundancies

  • Auditing: Highest attainable rating of five stars in 2013 from Datacenter Star Audit (DCSA)

  • Core backbone Frankfurt-Strasbourg: 100 Gbit, Deutsche Telekom: 17x 10Gbit, Level(3): 10x 10Gbit, TeliaSonera: 8x 10Gbit, Cogent: 5x 10Gbit, Telefónica: 3x 10Gbit, DE-CIX: 6 x 10Gbit, ECIX: 6 x 10 Gbit

US DataPort in St. Louis, MO

For North, Central and South American Enteprises and Istitutions, cloudreviewer.com provides the same services described above, located in the US East (New York), US West (Seattle) and US Central (St. Louis).

They became operational in 2013 and is currently considered one of the most modern data centers worldwide. It stands out particularly for its strategically optimal location in the heart of the USA, has connectivity to all major carriers and sits directly on the main artery of the American network.

  • They are located in New York, Seattle and St. Louis, with best connectivity for both the East and the West Coast

  • Fastest route is always selected automatically

  • Completely redundant layout: Upon loss of one carrier, the system rapidly switches to another backbone

  • Availability is permanently maintained

  • Space: 14,000 sq ft

  • Capacity: 2MW generator, UPS-protected

  • Cooling: 17x 30 ton CRACs = 510 tons total cooling capacity, redundant cooling loop

  • Audited in accordance to SOC2 (Security Operation Center)

  • Cogent: 6x 10Gbit (+ further 10x 10Gbit available), TeliaSonera: 6x 10Gbit

Asian Data Centers

cloudreviewer.int is provided to Eastern Countries, for Enterprises and Istitutions seeking for an high-quality SaaS service for SAST, SCA, DAST, MAST and Vulnerability Management, as described above.

Our Services are hosted in Tier 3 & Tier 4 Data Centers, located in:

  • Mumbai, Noida (India)

  • Sidney (Australia)

  • Tai Seng (Singapore)

  • Tokio (Japan)

From Asia we provide fast connectivity to Europe and US:

We provide low latency for Japan, China, Korea and Beyond

Premium Connectivity throughout Australia and New Zealand:

All above Data Centers offer the same high-level standards, like:

  • Redundant Power Supply

  • Redundant Internet Connection

  • Redundant Cooling

  • Physical Security

  • Energy Efficiency

  • 365-days/year People On The Ground

Certifications:

  • BCA-IMDA Green Mark Gold 

  • ISO/IEC 27001:2013 

  • ISO/IEC 20000-1:2011  

  • OC1 Type2 (SSAE18) 

  • ANSI/TIA-942-B Rated-3  

  • PCI DSS 

  • No labels