New solution establishes secure development and mass application code acceptance in companies of any scale
Positive Technologies today unveiled PT Application Inspector Enterprise (PT AI Enterprise), a solution that automatically detects vulnerabilities and offers security experts the verification tools they need to secure web applications. In addition, PT AI Enterprise enables the tracking of vulnerabilities and offers recommendations on ways to fix them. The technology enables software professionals to implement a higher level of security from early in the application development process.
This is a critical area: According to Positive Technologies’ own research, the share of web applications with critical vulnerabilities increased to 67 percent in 2018. Today, 75 percent of penetration vectors in corporate information systems involve weaknesses in web application protection. High-profile brands have fallen victim to hackers exploiting vulnerabilities in web applications in the past year.
Within large organizations, experts have to simultaneously audit many contractors' web applications and diverse applications being developed at the same time. PT AI Enterprise allows companies to scale up the scanning process: the more scanning agents there are, the more applications can be analyzed at the same time. The system also allows companies to limit scanning to altered code only, which frees resources to analyze other applications.
"Every development team, and every product it creates, is fundamentally unique—and that’s why it’s vital for the solution creating secure applications to be flexible enough for integration into the existing environment and business processes. This allows the client to not only improve security but also deliver the product and updates faster," says Rami Muleys, head of application security business development at Positive Technologies. "Securing web applications should not be a tick box exercise but a constant guarantee. PT Application Inspector Enterprise ensures precise identification of vulnerabilities at any stage of the project lifecycle, and provides recommendations for inspecting those vulnerabilities and how to resolve them.”
PT AI Enterprise can be easily integrated into the development process, uses a role-based access control model, and allows teamwork with no limitations on the number of users. It can be integrated with modern CI/CD systems (continuous integration/continuous delivery), such as Jenkins, TFS, TeamCity and Gitlab CI, which means vulnerability detection can be automated at the assembly stage. Integration with bug-tracking tools such as Jira and TFS also allow the creation of vulnerability elimination tasks for developers. It features a user-friendly interface and provides analytics to help teams perform better.