Lucent Sky AVM is a ground-breaking technology that allows developers to automatically remediate known security vulnerabilities in .NET, Android, ASP, C/C++, iOS, Java and PHP applications. Lucent Sky AVM makes DevOps security efficient, actionable and scalable for everyone.
How to mitigate a single vulnerability is a straightforward process - most developers know how to do it on a one-by-one basis. But manually mitigating the hundreds or thousands of vulnerabilities in a large and complex application becomes a major roadblock to an efficient SDLC.
Lucent Sky AVM works like a developer does to find and assess vulnerabilities, then place "Instant Fixes" to remediate them. It works just like a developer, but capable of securing hundreds of vulnerabilities at a time.
Each Instant Fix is generated to remediate the a specific vulnerability (and those linked to it) while preserving functionalities and performance. Below are two examples of Instant Fixes:
// CWE-79: Cross-site Scripting var body = sqlDataReader.GetString(2); Posts.Text += @"<div style=""margin-left: 30px;"">" + LucentSky.Security.Application.Masker.MaskPrivateInformation(LucentSky.Security.Application.Encoder.HtmlEncode(Body)) + @"</div>"; // CWE-89: SQL Injection var userName = UserName.Text; var password = Password.Text; sqlCommand = New SqlCommand(@"INSERT INTO [User] ([UserName], [Password]) VALUES (@lucentsky_userName, @lucentsky_password)", SqlConnection); sqlCommand.Parameters.AddWithValue("@lucentsky_userName", userName); sqlCommand.Parameters.AddWithValue("@lucentsky_password", password);
// CWE-79: Cross-site Scripting String eid = request.getParameter("eid"); out.println("Employee ID: " + org.lucentsky.security.application.Encoder.htmlEncode(eid)); // CWE-89: SQL Injection String userName = getAuthenticatedUserName(); String itemName = request.getParameter("itemName"); PreparedStatement statement = "SELECT * FROM items WHERE owner = '" + userName + "' AND itemname = ?"; statement.setString(1, itemName); ResultSet rs = statement.executeQuery(); rs.close();
In combination with New Relic APM, Lucent Sky AVM brings security and performance together - without you writing a single line of code.
Once linked, applications in Lucent Sky AVM are automatically mapped to their counterparts in New Relic APM. Applications created in the future will also be mapped.
Switch from the security view in Lucent Sky AVM to the performance view in New Relic APM with just one click.
Deploy high-performance code that's also secure
Performance and security are no longer trade-offs. In most cases, applications secured by AVM perform as fast as their original, vulnerable counterparts. With New Relic APM, you can see the little (if any) performance impact in realtime.
Learn more about integrating New Relic APM with Lucent Sky AVM.
Currently, Lucent Sky AVM is the only commercial solution in automatic application vulnerability mitigation. The technology was developed by industry veterans looking to automate common development practices as to add to their security and efficiency. Learn more about the ROI of Lucent Sky AVM.