Lucent Sky CLEAR
Application vulnerability mitigation (AVM) is the next wave of cybersecurity. By analyzing source code, AVM systems are able to scan for, identify, and automatically mitigate application vulnerabilities. This process dramatically increases the security threshold of an organization's applications by automatically fixing security issues in source code.
The steps:
- Scan – Application source code is scanned using 5 different static analysis engines. This is not penetration testing – AVM relies on having access to source code, the back end of any application, to comprehensively assess potential problem areas.
- Identify – During the scan, vulnerabilities are identified within source code and categorized for the purpose of mitigation. CLEAR can identify 12 different types of vulnerabilities, including SQL injection, cross-site scripting, and all OWASP Top 10 and additional vulnerability categories.
- Mitigate – Adaptive algorithms are able to inject mitigated source code into the problem areas identified during the scanning process. Developers can inspect the mitigated code and deploy fixes individually or en masse. Only a very small percentage of identified vulnerabilities cannot be automatically mitigated; these are likely caused by flawed logic and need to be mitigated manually. Once the source code is mitigated, developers can test the mitigated code during quality assurance, or deploy it immediately.
What are applications?
All organizations have applications, and most of them are connected to the Internet: web applications (what we see as websites), client-server applications (some components of the application run on the server, and some run on the client), and mobile applications (the type you'll find on your phone). When people say "website security," they usually mean web application security – it is very hard to find a "static" website in today's rich and dynamic Internet.