
The New Supply Chain Security by DerScanner Ensures Safety of Open-source and Third-party Components

DerScanner introduces Supply Chain Security to ensure the security of third-party components downloaded from the Internet.

“The Supply Chain Security in DerScanner embodies the authentic spirit of open-source by ensuring its freedom and security. It proactively alerts developers about possibly compromised packages.”
— Dan Chernov, CEO of DerScanner
DUBAI, UNITED ARAB EMIRATES, December 1, 2023 /EINPresswire.com/ -- DerScanner, a complete solution for application security testing, introduces Supply Chain Security. Third-party components downloaded from the Internet may comprise up to 80% of the code volume in an average application. Cyber attackers frequently target these packages, presenting a significant threat to application integrity. The new DerScanner validates each open-source package a developer might integrate into their application, ensuring confidence in third-party components.

To equip developers with a reliable measure of component security, DerScanner assigns a reputation score to each verified package, considering several factors evaluated by the AI-powered engine. The score examines the author's credibility, the package's popularity and update frequency, the timeliness of security fixes, the package's novelty, and the extent of community verification of pull requests. Through this comprehensive assessment, DerScanner empowers developers with the insight to determine the safety of incorporating each third-party package into their application's architecture.

As attackers refine their methods, a comprehensive scan of open-source repositories becomes crucial. Vulnerabilities in third-party components pose a substantial threat, potentially granting attackers access to entire applications. Hackers often create clones of popular libraries, publish them under similar names, and embed malicious code into these seemingly benign replicas. These risks are further amplified in large-scale projects, where a single developer might use an outdated or unpatched package, inadvertently opening the door to cyber-attacks. The new Supply Chain Security capability in DerScanner represents a significant enhancement to traditional Software Composition Analysis, augmenting its capabilities to deliver a more robust defense against sophisticated attack scenarios, such as zero-day threats.

“The Supply Chain Security capability in DerScanner embodies the authentic spirit of open-source by ensuring its freedom and security. It goes beyond merely identifying known vulnerabilities, proactively alerting developers about possibly compromised packages before their integration into applications, thus preemptively shielding against potential harm,” said Dan Chernov, CEO of DerScanner.

About DerSecur

Established in 2011, DerSecur has emerged as a trusted solution provider in bolstering application resilience against cyber threats. Born from a foundation in a leading research institute for computer science, our code analysis technology now serves a global clientele in over 30 countries. Our team, comprised of 70 dedicated scientists and researchers, is at the forefront of innovation in cybersecurity.

DerScanner is designed to be a thorough solution for identifying and addressing security vulnerabilities in both mobile and web applications. It provides two key types of analysis: static analysis (SAST), which examines code before it runs, and dynamic analysis (DAST), which tests applications in a running state. This dual approach ensures a comprehensive review of your application's security. With the recent expansion, DerScanner now includes Software Composition Analysis and Supply Chain Security. This development is particularly crucial for applications that rely on open-source components, enabling developers to verify the safety of third-party code integrated into their projects.

What sets DerScanner apart is its unique capability to analyze both source and binary code, making it a global leader in versatility with support for 36 programming languages. It excels in understanding polyglot applications and significantly minimizes false positives through its proprietary Fuzzy Logic Engine technology.

DerSecur focuses on providing a practical, efficient, and user-friendly tool for application security testing, helping developers maintain secure and robust applications.

Give it a try at https://derscanner.com/

Andy Dankiewicz
DerSecur Ltd