ShiftLeft,
Inc. announced
that its Intelligent-SCA product has added scanning and attackability analysis
for JavaScript (JS) and the TypeScript (TS) language to the ShiftLeft CORE
platform. JavaScript is the most widely used programming language and is also a
frequent attack target for cybercriminals seeking to exploit vulnerabilities in
open source code and the software supply chain.
Development
teams using JavaScript frequently add functionality to their code by quickly
writing new code or borrowing it from open source libraries like npm or reusing
existing libraries and code modules on GitHub. Because JavaScript is a dynamic
language and something of a "Swiss Army Knife" working on both the front-end
and the server side, developers often move quickly to write quick fixes or
hacks that create longer term vulnerabilities. Equally challenging, open source
Javascript libraries frequently contain vulnerabilities that create unknown
risk for the application. When the introduced risks are serious, it can require
months of remediation work to identify and address all the risk ramifications.
By
adding JavaScript coverage, ShiftLeft dramatically expanded the ability of
Application Security (AppSec) teams to shift security left by providing
detailed and accurate guidance to development teams on which vulnerabilities in
web applications and JavaScript-driven frameworks can be proven to result in
damaging attacks. "With the addition of JavaScript coverage, ShiftLeft is one
of the most comprehensive solutions in the marketplace and allows us to test
all our web application code before we ever go into production," says Adam
Fletcher, Chief Security Officer at Blackstone. "This means we see security
flaws sooner and can focus our efforts on the most attackable vulnerabilities,
letting us safely ship code faster." With the new product capabilities,
ShiftLeft offers the following benefits:
- The only software composition
analysis solution (SCA) that accurately prioritizes JS/TS open source
vulnerabilities by attackability with pre-production scans
- The only SAST solution that
accurately identifies attackable JS/TS vulnerabilities in first-party code
with pre-production scans
"By
adding JavaScript coverage, ShiftLeft can dramatically expand the percentage of
application code covered with attackability insights," says Alok Shukla, VP
Products, ShiftLeft. "As the most popular language playing a critical role in
the global web and application infrastructure, JavaScript security will become
even more important as the pace and severity of attacks on applications and the
open source supply chain - much of which is written in JavaScript - increase
over the course of 2022."
The
addition of JS/TS coverage further cements ShiftLeft as the most comprehensive
and authoritative provider of Application Security testing and attackability
analysis on the market today. Application security teams and developers using
ShiftLeft are able to close more security gaps at a faster pace and spend more
time focusing on the issues that matter thanks to the unique ability of
ShiftLeft to spotlight attackable vulnerabilities and clearly identify low-risk
theoretical vulnerabilities.