ShiftLeft features identify attackable JavaScript and TypeScript vulnerabilities


ShiftLeft announced that its Intelligent-SCA product has added parsing and attack analysis for JavaScript (JS) and TypeScript (TS) to the ShiftLeft CORE platform.

JavaScript is the most widely used programming language and is also a frequent attack target for cybercriminals looking to exploit vulnerabilities in open source code and the software supply chain.

Development teams using JavaScript frequently add functionality to their code by quickly writing new code or borrowing it from open source libraries like npm or reusing existing libraries and code modules on GitHub. Since JavaScript is a dynamic language and a sort of “Swiss Army Knife” that works on both the front-end and the server-side, developers often move quickly to write quick fixes or hacks that create vulnerabilities in the longer term.

Equally difficult, open source JavaScript libraries frequently contain vulnerabilities that create an unknown risk to the application. When the risks introduced are severe, months of remediation work may be required to identify and address all ramifications of the risks.

By adding JavaScript coverage, ShiftLeft has dramatically expanded the ability of Application Security Teams (AppSec) to shift security to the left by providing detailed and specific guidance to development teams on vulnerabilities in web applications and JavaScript frameworks that can lead to damaging attacks.

“With the addition of JavaScript coverage, ShiftLeft is one of the most comprehensive solutions on the market and allows us to test all of our web application code before going into production,” said Adam Fletcher, director of security at Blackstone. “This means we detect security vulnerabilities earlier and can focus our efforts on the most attackable vulnerabilities, which allows us to ship code safely faster.”

With the new product features, ShiftLeft offers the following benefits:

  • The only Software Composition Analysis (SCA) solution that accurately prioritizes open source JS / TS vulnerabilities by attack with pre-production scans
  • The only SAST solution that accurately identifies attackable JS / TS vulnerabilities in proprietary code with pre-production scans

“By adding JavaScript coverage, ShiftLeft can dramatically increase the percentage of application code covered by attack information,” says Alok Shukla, vice president of products, ShiftLeft. “As the most popular language playing a vital role in the global web and application infrastructure, the security of JavaScript will become even more important as the pace and severity of application and open source supply chain attacks – much of which is written in JavaScript – will increase in the year 2022.”

The addition of JS / TS coverage further consolidates ShiftLeft as the most comprehensive and authoritative provider of application security testing and attack analysis in the market today.

Application security teams and developers using ShiftLeft are able to close more security holes at a faster rate and spend more time focusing on important issues with ShiftLeft’s unique ability to highlight attackable vulnerabilities and to clearly identify theoretical low-risk vulnerabilities.

