AttackFlow Extension Edition

AttackFlow is a new way of secure coding. Integrated into Visual Studio, it enables developers to find critical security bugs in the source code without any prior knowledge. The finding notifications, explanations and references are detailed enough for a developer to go after fixing the bugs. If the fix is good, there's no need to wait for deployment or commit or even full compilation. AttackFlow will no longer find the related bug again.

AttackFlow is a Visual Studio extension with an easy installation and update. Each time you type syntax error-free code into the development environment, AttackFlow runs in the background trying to find security vulnerabilities including the flow analysis.

Starting from the active module using heuristics and proprietary methods, AttackFlow searches for security vulnerabilities and code quality problems without interfering with the normal coding flow of the developer. Should any findings are revealed, AttackFlow notifies the developer both with a Risk Score badge at the top-right screen of the related code page, adornments under the related problematic code and a list of bugs in a separate window called Vulnerability Window. Developer may then want to delve into the finding details by clicking focused vulnerability and learning details of it opening Information Window.

Software is a complex piece of technology in the very heart of our lives from health to entertainment, from finance to connectivity. No doubt, security should be an integral part of this technology. As the history incessantly reveals malicious intentions against services are not new and software open to whole Internet usage is not an exception. Software products are constant and increasing targets for activists, organized or unorganized hackers, script kiddies, bug hunters and even the governments. A phenomenon that nearly every software security expert agrees upon is that in the software process "the early the bugs are found, the less cost they induce logarithmically". The cost here is not only the money or time, it also means the level of stress on the shoulders of a developer in case of a successful hack.

AttackFlow scan engine currently supports C# and JAVA programming languages with popular framework supports ASP.NET MVC, ASP.NET WebForms and JEE Spring. Currently though, only Microsoft Visual Studio IDE integration for C# exists. The next integration as an extension will be Eclipse for Java.

Yes, it is AttackFlow Enterprise Edition as a desktop version.

AttackFlow radically differs from other security static code analysis solutions. AttackFlow aims to reveal the security bugs on-the-fly while the developer is coding. Developers are used to get notified about syntax problems, pre-compilation warnings and errors exactly when they are typing but without actually compiling the code. This substantially speeds the development process.

Security static source code analysis should support the same behavior, notifying the developer about security problems she is just creating before the code even gets compiled. Doing this AttackFlow analysis doesn’t scope to the current active code module. Every syntax error-free typing triggers AttackFlow to start a security analysis in order to find security vulnerabilities of which the root cause is the code that is being typed. Best of all the smooth performance of the analysis doesn’t interrupt the coding process.