Source Patrol is a Static Analysis Security Testing (SAST) tool for Java applications, designed by Pentest Limited to provide developers with an intuitive and simple means to evaluate the security of web applications. It differs from most SAST tools by residing with the development team, so it integrates into the earliest phase of the Software Development Lifecycle (SDLC). Source Patrol puts the development team back in the driving seat, providing coders with immediate feedback without the need for internal audit or security specialists. The intention is that developers quickly learn to avoid the common security mistakes that we as a company see all too frequently, educating and empowering the team thereby reducing both the number of security vulnerabilities and development costs.
In Pentest's experience as an application security specialist it is common practice to engage in a security assessment at the end of the development process or a week or so before Go Live. This assessment is often the first exposure to security testing of any kind and often results in significant security vulnerabilities.
Where these vulnerabilities occur clients are faced with a dilemma: Go live with the risk that these vulnerabilities may be exploited resulting in the potential loss of reputation and revenues or to address the vulnerabilities, delaying the release and incurring the cost of remediation.
Static code analysis is the analysis of computer software that is performed without actually executing programs in order to highlight possible vulnerabilities within the source code. The vulnerabilities can then be addressed by the development team in order to produce applications with a higher level of security. Ideally these tools should be used on an ongoing basis throughout the SDLC.
Source Patrol has been developed in response to Pentest's experience with traditional static code analysis tools. These tools have often been complex and expensive solutions which have been difficult to install and deploy in accordance with a company's specific needs and often produce unwieldy reports. In many cases these tools are not deployed regularly as part of the SDLC as they are not designed for use solely by the development team.
Developed specifically for Java applications and intended for use by the application development team, Source Patrol is as an easy to deploy solution, delivering focussed reports in order to provide information that the development team can understand and act upon.
Source Patrol has been designed to be used as an integral part of companies SDLC to identify and address security vulnerabilities throughout the SDLC delivering applications that are more secure and reducing development costs.
Advantages of Source Patrol:
- Identifies security risks earlier in the development cycle
- Designed to be used as a quality gateway throughout the SDLC
- Designed for use by and for the developers
- Produces immediate reports presenting information that a developer can understand
- Identifies remediation actions