The Lucent Sky Blog in 2015

Lucent Sky AVM 3.0 released
December 31, 2015

In Lucent Sky AVM 3.0, we are extending mobile application compatibility from Windows and Xamarin apps to iOS and Android apps. The support for mobile-focused vulnerabilities has also been extended. Support for mobile apps developed for iOS and Android is currently in beta, with full support planned in Summer 2016.

Lucent Sky AVM 3.0 is also the second part of a major update designed to improve compatibility with large Java applications that have thousands of code files and complex reference structures. This release focuses on Java applications with complex reference structures.

Lucent Sky AVM is now CWE-Compatible
December 08, 2015

We’re excited to announce Lucent Sky AVM’s compatibility with CWE. We hope this milestone will go some way toward establishing application vulnerability mitigation (AVM) technology as consistent with established industry norms and categories, and help us be increasingly specific about how and where we can add value to application development.

Lucent Sky AVM 2.9 released
December 01, 2015

Lucent Sky AVM 2.9 is the first part of a major update designed to improve compatibility with large Java applications that have thousands of code files and complex reference structures. The focus of this release is compatibility with JSP files, with additional compatibility improvements coming in the next two releases. In addition, new features and functionality have been added to the Visual Studio Extension, the Eclipse plug-in and the CLI.

Securing an in-production "WebGoat PHP"
November 27, 2015

Lucent Sky AVM recently secured an application we’ll now refer to as “WebGoat PHP”. The application had over 13,000 vulnerabilities, and was originally slated for decommissioning as a result. The client estimated it would be cheaper and more efficient to rebuild the application from the ground up than to remediate the volume of vulnerabilities known to be in the application.

With Lucent Sky AVM, a significant portion of the vulnerabilities was automatically remediated, and the application was able to return online within a few weeks.

Lucent Sky AVM 2.8.1 released
November 02, 2015

Lucent Sky AVM 2.8.1 brings extended functionality to Runtime, which was first available in v2.8. Also included in this release is support for additional types of Java applications, such as desktop applications and class libraries. The Visual Studio Extension has also been redesigned to fully support Visual Studio 2015.

Lucent Sky AVM 2.8 released
September 30, 2015

The focus of Lucent Sky AVM 2.8 is the manageability of supporting multiple application servers (called “Runtime” in Lucent Sky AVM). This allows users to scan applications designed for different application servers with ease.

Leveraging multistage hybrid source code analysis in Lucent Sky AVM
September 18, 2015

Lucent Sky AVM makes use of “hybrid source code analysis” in scanning applications. This post first explains how different types of static analysis work, before diving into how Lucent Sky uses a multistage hybrid approach to automate how vulnerabilities are found and fixed.

Most SAST (static application security testing) tools identify vulnerabilities by first creating a “flow graph” (a model that represents the logic of the application), then applying security rules to the flow graph. There are two ways to generate the flow graph: analyzing the source code of the application, or analyzing the binary files of the application. These two approaches not only have different benefits and restrictions, but how they’re implemented also has a major impact on their effectiveness.

Lucent Sky AVM 2.7 released
August 31, 2015

Today we released Lucent Sky AVM 2.7. This release enables applications to be scanned faster and with higher accuracy, and also provides improved reporting and interfaces that resonate with development teams, engineering managers and security professionals.

Lucent Sky AVM in the SDLC: What are partial scanning and incremental scanning?
August 02, 2015

When using a SAST (static application security testing) solution in a software development lifecycle (SDLC), two common concerns are whether the SAST solution is capable of scanning an application that's not buildable or compilable, and whether it's capable of incremental scanning. These two concerns are sometimes ambiguously referred to as "partial scanning." In this article, we explain the rationale behind these concerns, and how Lucent Sky AVM helps developers address them.

Lucent Sky AVM 2.6 released
July 31, 2015

Today we released Lucent Sky AVM 2.6. Version 2.6 marks the first release after we transitioned Lucent Sky AVM to a shorter release cycle. Until version 2.5, we released a new update at the end of each quarter, and occasionally a hotfix pack in between. Starting with version 2.6, we will release a new update at the end of each month.

Lucent Sky AVM 2.5 released
June 30, 2015

Today we released Lucent Sky AVM 2.5. The focus of version 2.5 is to increase the utility of reporting, helping developers and other stakeholders better take advantage of the efficiency brought by application vulnerability mitigation.

Lucent Sky AVM 2.2 released
April 02, 2015

We just released version 2.2 of Lucent Sky AVM, and are excited to tell you about some of the key updates, including parameterized mitigation for SQL injections and updates to the web UI.
