SecureAssist Overview & Datasheet

Empower development teams to build secure software from the start

Security vulnerabilities are introduced into applications when the code is written. So, why wait until development is complete to find them? Or worse, after the code is released into production, when it’s the costliest and most difficult to fix? SecureAssist is a lightweight static analysis tool that automatically detects common application vulnerabilities as you code and offers practical remediation guidance and training so you can fix each issue before it leaves your workstation.

So much more than a tool

SecureAssist is much more than a testing tool—it’s a teaching tool. It teaches secure coding practices and improves developer productivity by identifying the design flaw or vulnerability, explaining the issue represented, and providing just-in-time contextual guidance. By improving developer security awareness, SecureAssist helps organizations deliver more secure software faster.

Fit security into your current development process

There is no need to change what you’re doing. SecureAssist automatically scans code inside your IDE (e.g., Eclipse and Visual Studio) and provides remediation advice tailored to your coding language (e.g., Java, JavaScript, PHP, and .NET).

Learn to code securely while you work

The more you use this security tool, the more proficient you’ll become at coding securely. The more proficient you become at coding securely, the less time you’ll have to spend finding and fixing those pesky bugs that rob productivity and increase your risk profile. Even better, all that time you save by fixing issues on-the-fly will free you up to develop more cutting-edge features and upgrades.

Keeps your SDLC zipping along

When critical issues aren’t found until late in the development process, they take longer to fix and often jeopardize release plans. By addressing security earlier in your development cycle with SecureAssist, you eliminate any need for hundred-page bug reports, triaging, and costly delays. That translates to an increase in productivity, lower costs, and faster time to market.

It’s like having a software security “spell-checker” in your IDE

4 more reasons to use SecureAssist

  1. It’s agile-friendly
    By introducing security early in the process, SecureAssist fosters the tight feedback loops needed in a modern agile environment.
  2. It’s customizable
    Create custom vulnerability rules and standardize company-approved guidance and configuration settings.
  3. It reports remotely
    View aggregate and individual statistics to quantify how you’ve improved your company’s security over time.
  4. It’s refreshed regularly
    Get updated rules as new vulnerabilities surface and receive periodic product updates with feature expansions.

So easy to use

  1. First, install SecureAssist into your IDE.
  2. While coding, SecureAssist automatically scans your code and points out vulnerabilities.
  3. Double-click to jump to the highlighted risky code, review the issue in code-view, and get in-depth guidance on how to fix the issue.
  4. Implement the syntax-specific remediation advice and go back to coding.
  5. Management checks the nightly dashboard to find out what issues were corrected.

Supported Languages

  • Java
  • JavaScript
  • PHP
  • .NET

Supported IDEs

  • Eclipse
  • Spring Tool Suite
  • RAD
  • Visual Studio
  • IntelliJ

SecureAssist checks

  • Injection
  • Broken authentication and session management
  • Cross-site scripting (XSS)
  • Insecure direct object references
  • Security misconfiguration
  • Sensitive data exposure
  • Unvalidated redirects and forwards
  • Malicious file execution
  • Information leakage and improper error handling