We take an innovative, systematic approach to neutralizing potentially malicious code before it can be activated to trigger an attack or exfiltrate data.
We use a combination of static application security testing (SAST) and binary scanning, together with embedded machine learning (ML) algorithms, to identify code that at first glance looks perfectly normal but is designed to damage your software system. Comprehensive scanning covers proprietary, open source, and commercial software components. Human review ensures that malicious code carrying no vulnerability markers, which is therefore typically invisible to automated security tools, is also detected.
The process of identifying malicious code is broken down into two phases.
The abnormal patterns are broken down into finer-grained properties by creating a taxonomy, or classification, of malicious code components; from this taxonomy an ontology is then generated to capture how the individual malicious components may interact to form a fully realized malicious code pattern.
Software composition analysis (SCA) identifies all open source dependencies within an application and provides component intelligence to enable teams to look beyond known vulnerabilities and get ahead of potential security risks.
As SCA identifies dependencies, it analyzes them for malicious behavior, such as
Additionally, Black Duck® SCA maintains data on known malicious components so that it can alert teams if associated dependencies impact their applications.
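The following is an added illustration of the two SCA steps described above (enumerating every direct and transitive dependency, then alerting on any that matches a dataset of known malicious components). It is example code written for this page, not Black Duck's own implementation; the lockfile, package names, versions, the version-range format of the denylist, and the denylist entries are all constructed for the example.

```python
"""Toy software composition analysis (SCA) pass.

Step 1: walk the application's dependency graph so that transitive
dependencies are found, not only the ones declared directly.
Step 2: compare every resolved component against a dataset of known
malicious components and report which dependency chain pulls it in.

All package names, versions and denylist entries below are constructed
for this example; they are not real packages or real feed data.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed lockfile: package -> (resolved version, its own dependencies).
# Stands in for what a real SCA tool derives from manifests and lockfiles.
LOCKFILE: Dict[str, Tuple[str, List[str]]] = {
    "webapp":       ("1.0.0", ["http-kit", "fancy-logger"]),
    "http-kit":     ("2.3.1", ["tiny-parser"]),
    "fancy-logger": ("0.9.4", ["colour-utils"]),
    "tiny-parser":  ("1.1.0", []),
    "colour-utils": ("4.2.0", []),
}


@dataclass(frozen=True)
class MaliciousComponent:
    """One entry of a known-malicious-components dataset (hypothetical format:
    an inclusive version range in which the component is compromised)."""
    name: str
    first_bad: str
    last_bad: str
    note: str


# Constructed stand-in for a curated feed of known malicious components.
KNOWN_MALICIOUS: List[MaliciousComponent] = [
    MaliciousComponent("colour-utils", "4.1.0", "4.2.5",
                       "constructed example: compromised release range"),
    MaliciousComponent("tiny-parser", "2.0.0", "2.0.0",
                       "constructed example: single hijacked release"),
]


def parse_version(version: str) -> Tuple[int, ...]:
    """Turn '4.10.0' into (4, 10, 0) so comparisons are numeric, not lexical."""
    return tuple(int(part) for part in version.split("."))


def resolve_dependencies(root: str, lockfile: Dict[str, Tuple[str, List[str]]]
                         ) -> Dict[str, Tuple[str, List[str]]]:
    """Depth-first walk from `root`; returns every reachable package
    (direct and transitive) mapped to (version, path from root).
    Packages are visited once, so dependency cycles cannot loop forever."""
    resolved: Dict[str, Tuple[str, List[str]]] = {}
    stack: List[Tuple[str, List[str]]] = [(root, [root])]
    while stack:
        pkg, path = stack.pop()
        if pkg in resolved:
            continue
        version, deps = lockfile[pkg]
        resolved[pkg] = (version, path)
        for dep in deps:
            stack.append((dep, path + [dep]))
    resolved.pop(root, None)  # the application itself is not a dependency
    return resolved


def find_malicious(deps: Dict[str, Tuple[str, List[str]]],
                   feed: List[MaliciousComponent]) -> List[dict]:
    """Alert on every resolved dependency whose version falls inside a
    known-malicious range, including the chain that introduced it."""
    alerts = []
    for entry in feed:
        if entry.name not in deps:
            continue
        version, path = deps[entry.name]
        if parse_version(entry.first_bad) <= parse_version(version) <= parse_version(entry.last_bad):
            alerts.append({
                "component": entry.name,
                "version": version,
                "path": " -> ".join(path),
                "note": entry.note,
            })
    return alerts


def scan_application(root: str) -> List[dict]:
    """Full pass: enumerate dependencies, then match against the feed."""
    return find_malicious(resolve_dependencies(root, LOCKFILE), KNOWN_MALICIOUS)


if __name__ == "__main__":
    for alert in scan_application("webapp"):
        print(f"ALERT {alert['component']} {alert['version']} via {alert['path']}: {alert['note']}")
```

Reporting the dependency path, not just the component name, is what lets a team act on the alert: the compromised package here is never declared by the application itself, so the fix is in the package that pulls it in. Numeric version parsing matters too; a lexical comparison would wrongly place 4.10.0 before 4.9.9.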