Interactive Application Security Testing (IAST) tools combine the best of SAST and DAST tools by analyzing the source code of a web-based application while it is running to identify more vulnerabilities with a much lower rate of false positives. This enables security teams to focus on actual verified security vulnerabilities, thereby improving productivity and reducing business risk. It’s like having a round-the-clock penetration testing team continuously monitor your web applications.
Lexington Soft offers the IAST tool, Seeker by Synopsys, which uses its patented active verification technology to automatically retest identified vulnerabilities, validate whether they are real and can be exploited, and provide a real-time view of the top security vulnerabilities. Detailed dashboards show compliance with standards such as OWASP Top 10, PCI DSS, GDPR, and CWE/SANS Top 25.
Seeker’s sensitive-data tracking capability enables you to see where critical data is being stored with weak or no encryption. Alerts are generated when sensitive data is exposed, helping to ensure compliance with key industry standards and regulations such as PCI DSS and GDPR.
Seeker also identifies vulnerable code and offers detailed contextual remediation advice to help your developers learn and fix vulnerabilities quickly, without being security experts themselves.
Open source and third-party code
Seeker integrates with the SCA tool Black Duck, which analyzes target binaries for open source security vulnerabilities, versioning, license compliance and other potential risk issues. You’ll get a unified view of all identified vulnerabilities found by Seeker and Black Duck.
Seamless integration into CI/CD workflows
Native integrations, web APIs, and plugins provide seamless integration of Seeker with the tools you use for on-premises, cloud-based, microservices-based, and container-based development. You’ll get accurate results out of the box, without extensive configuration, custom services, or tuning.
Seeker continuously monitors web app interactions in the background during normal testing and seamlessly integrates with automated CI build servers and test tools. It can leverage these tests (e.g., manual QA of login pages or automated functional tests) to automatically generate multiple security tests as well.
Seeker uses code instrumentation techniques (agents) inside running applications. It can scale to address large enterprise security requirements.
Want to know if Synopsys Seeker will meet your IAST needs? Lexington Soft will gladly provide a sales demo and proof of concept, conduct product evaluations and even offer you a free trial!
Lexington Soft also offers the following software testing tools from Synopsys:
- Coverity – Static Application Security Testing
- Black Duck – Software Composition Analysis
- Seeker – Interactive Application Security Testing
- Defensics – Fuzz Testing
- Web Scanner – Dynamic Application Security Testing
- Code Dx – AppSec Automation Platform
Invest in software integrity to build trust into your software. Contact us today!