Attackflow -Static Code Analysis Solution- serves Application Security Testing solutions engine with static code analysis being the point of interest. Providing the first effective secure development solution focusing the developers as they type their code, the Attackflow now also provides an enterprise edition mainly for security auditors finding weaknesses in their software portfolio.
Attackflow helps you to find security and quality weaknesses in your software by analyzing the code and eradicate them by presenting actionable mitigation details and prioritization information.
Software is a complex piece of technology in the very heart of our lives from health to entertainment, from finance to connectivity. As the history incessantly reveals malicious intentions against services are not new and software open to whole Internet usage is not an exception. Software products are constant and increasing targets for activists, organized or unorganized hackers, script kiddies, bug hunters and even the governments. Attackflow Product Family can help you identify weaknesses in your software before hackers do.
Attackflow has a generic and fast static code analysis scan engine which supports flow and control flow analysis as well as basic syntax and semantic support. Using this generic engine the team is continuously adding support for other popular programming languages and frameworks.
Attackflow uses taint analysis to identify variables that have been ‘tainted’ with user controllable input and traces them to possible vulnerable functions also known as a ‘sink’. If the tainted variable gets passed to a sink without first being sanitized it is flagged as a vulnerability.
With TFS (Cloud/On-premise), Git, Github, SVN, Bitbucket code repository integration capabilities Attackflow can integrate to your Secure Development Life Cycle easily.
Attackflow provides IDE like auditing interface for analyzing reported weaknesses in place and HIPAA, PCI, OWASP ready preparation support with its reporting details.
With its sophisticated and clear interface any development or security savvy IT authority can use AttackFlow Enterprise Edition easily for finding weaknesses in their software portfolio.