Technical Snapshot

  • Multistage hybrid static code analysis: using 6 analysis engines (such as control-flow and data-flow analysis, contextual analysis and intent-based analysis) to analyze both source code and bytecode.
  • Detects 23 vulnerability categories, including OWASP Top 10, OWASP Mobile Top 10 and SANS Top 25.
  • Remediates vulnerabilities in source code by automatically applying common security libraries and mitigation techniques.
  • Integrates seamlessly with other dev and security tools. Lucent Sky AVM is CWE-Compatible.

Automatic mitigation

  • 9 out of 10 of detected vulnerabilities in source code can be automatically fixed* before testing.
  • Most cross-site scripting and SQL injections, the vast majority of application vulnerabilities, can be automatically solved by Lucent Sky AVM.
  • Vulnerabilities that can't be solved by Lucent Sky AVM are typically categories needing manual intervention such as insecure designs. Implementing Lucent Sky AVM frees up developer time to spend on these more complex vulnerabilities.
* yes, fixed, not just found. Fixed. 9/10 based on Lucent Sky AVM performance averages in .NET and Java applications.

Code-based remediation

How to mitigate a single vulnerability is a straightforward process - most developers know how to do it on a one-by-one basis. But manually mitigating the hundreds or thousands of vulnerabilities in a large and complex application becomes a major roadblock to an efficient SDLC.

Lucent Sky AVM works like a developer does to find and assess vulnerabilities, then place "Instant Fixes" to remediate them. It works just like a developer, but capable of securing hundreds of vulnerabilities at a time.

  1. Choosing the mitigation mechanism
    Lucent Sky AVM follows industry standards and best practices to decide what mitigation mechanisms to use, and where should they be placed. Some vulnerabilities might have multiple mitigation mechanisms that are applicable, such as character-escaping and parameterized query for SQL injections. On the other hand, some vulnerabilities can be mitigated by applying the same mitigation mechanism at any of the applicable locations.

  2. Preventing impact on functionalities and vulnerabilities
    Lucent Sky AVM uses contextual and intent-based information to understand the functionalities the developer was trying to achieve when the vulnerability was created, determine if the applicable mitigation mechanisms and locations will cause impact on other functionalities and peer vulnerabilities. For example, if an user input is used to construct a SQL query and written to a log file, the log file will need to use the original value, while the SQL query will need to use the escaped value, or as a parameter.

  3. Reducing the number of changes with efficient mitigation
    Once applicable mitigation mechanisms are generated for each vulnerability, Lucent Sky AVM conducts an application-wide cross-check to determine the most efficient mitigation mechanism for each vulnerability, based on the potential impact on functionalities and performance. The most efficient mitigation mechanism is then used to generate Instant Fix.

Instant Fix

Each Instant Fix is generated to remediate the a specific vulnerability (and those linked to it) while preserving functionalities and performance. Below are two examples of Instant Fixes:

// CWE-79: Cross-site Scripting
var body = sqlDataReader.GetString(2);
Posts.Text += @"<div style=""margin-left: 30px;"">" + LucentSky.Security.Application.Masker.MaskPrivateInformation(LucentSky.Security.Application.Encoder.HtmlEncode(Body)) + @"</div>";

// CWE-89: SQL Injection
var userName = UserName.Text;
var password = Password.Text;
sqlCommand = New SqlCommand(@"INSERT INTO [User] ([UserName], [Password]) VALUES (@lucentsky_userName, @lucentsky_password)", SqlConnection); sqlCommand.Parameters.AddWithValue("@lucentsky_userName", userName); sqlCommand.Parameters.AddWithValue("@lucentsky_password", password);
// CWE-79: Cross-site Scripting
String eid = request.getParameter("eid");
out.println("Employee ID: " +;

// CWE-89: SQL Injection
String userName = getAuthenticatedUserName();
String itemName = request.getParameter("itemName");
PreparedStatement statement = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = ?"; statement.setString(1, itemName);
ResultSet rs = statement.executeQuery();

Accessible how you want it, where you need it

  • Deployment
    Lucent Sky AVM can be deployed in the cloud, in an on-premise server, or as a stand-alone appliance.
  • Accessibility
    Lucent Sky AVM works with the dev environment you already use. It's accessible through a web interface, inside IDEs, by ALMs, or by interfacing with its API or CLI.
  • Integration
    Lucent Sky AVM integrates with other application security and performance products, such as SAST and DAST, WAF and even APM.

Secure your code and see how it performs

In combination with New Relic APM, Lucent Sky AVM brings security and performance together - without you writing a single line of code.

Effortless setup

Once linked, applications in Lucent Sky AVM are automatically mapped to their counterparts in New Relic APM. Applications created in the future will also be mapped.

Seamless view

Switch from the security view in Lucent Sky AVM to the performance view in New Relic APM with just one click.

Deploy high-performance code that's also secure

Performance and security are no longer trade-offs. In most cases, applications secured by AVM perform as fast as their original, vulnerable counterparts. With New Relic APM, you can see the little (if any) performance impact in realtime.

Learn more about integrating New Relic APM with Lucent Sky AVM.

Leaders in efficiency and automation

Currently, Lucent Sky AVM is the only commercial solution in automatic application vulnerability mitigation. The technology was developed by industry veterans looking to automate common development practices as to add to their security and efficiency. Learn more about the ROI of Lucent Sky AVM.