Product features
We have built an environment that is just like an IDE, but tailored for security work. The added features help security experts in code review in many ways.
Not by fully automating the work: we see that fully automated tools are just not good enough, producing too many false positives while at the same time missing vulnerabilities.
We believe in the symbiotic cooperation of man & machine. Our review environment therefore augments the work of the human security expert.
The features of the review environment automate part of the human work, making code review more fun, and more efficient and effective: up to a 100% performance increase.
How does our product work?
The review environment helps security analysts to codify their knowledge. This is well illustrated by the fundamental feature of the review environment: the ability to set codemarks. With a codemark you highlight code as 'interesting' from a security perspective. You describe the security implication of that piece of code, and link it to other codemarks to mark a vulnerable path through the codebase.






Screenshot: defining and connecting codemarks to show the vulnerable path
Improved reporting
We believe that the life of security experts (and their customers...) can be made a lot easier. An example is how the review environment enables communicating vulnerabilities to the final beneficiary: the software developer.
Currently, a pentest or vulnerability scan results in a thick report. With the review environment, you bundle codemarks into a vulnerability and can easily send that vulnerability to the software developer's issue tracker.




Screenshot: defining and connecting codemarks to show the vulnerable path
And much more...
The review environment has many more features, some with small and some with high impact. Some are ready and tested, others are in production. So try it, ask for a demo, or share your ideas or wishes with us!

Screenshot: many more features to discover!