In Lucent Sky AVM 3.0, we are extending mobile application compatibility from Windows and Xamarin apps to iOS and Android apps. The support for mobile-focused vulnerabilities has also been extended. Support for mobile apps developed for iOS and Android is currently in beta, with full support planned in Summer 2016.
Lucent Sky AVM 3.0 is also the second part of a major update that is designed to improve compatibility with large Java applications with thousands of code files and complex referencing structure. In this release, we focused on making Lucent Sky AVM more compatible with Java applications with complex reference structures.
We're excited to announce Lucent Sky AVM's compatibility with CWE. We're hoping that this latest milestone will go some way toward establishing application vulnerability mitigation (AVM) technology as in line with established industry norms and categories, and help us be increasingly specific about how and where we can add value to application development.
Lucent Sky AVM 2.9 is the first part of a major update that is designed to improve compatibility with large Java applications with thousands of code files and complex referencing structure. The focus of this release is compatibility with JSP files, with additional compatibility improvements coming in the next two releases. In addition, further features and functionality have been added to the Visual Studio Extension, the Eclipse plug-in and the CLI.
Lucent Sky AVM recently secured an application we'll now refer to as "WebGoat PHP". The application had over 13,000 vulnerabilities, and was originally slated for decommissioning as a result. The client estimated it would be cheaper and more efficient to rebuild the application from the ground up than to remediate the volume of vulnerabilities known to be in the application.
Using Lucent Sky AVM, a significant portion of the vulnerabilities were remediated, and the application was able to return online within a few weeks.
Lucent Sky AVM 2.8.1 brings extended functionality to Runtime, which was first available in v2.8. Also included in this release is support for additional types of Java applications such as desktop applications and class libraries. The Visual Studio Extension has also been redesigned to fully support Visual Studio 2015.
The focus of Lucent Sky AVM 2.8 is the manageability of supporting multiple application servers (called "Runtime" in Lucent Sky AVM). This allows users to scan applications designed for different application servers with ease.
Lucent Sky AVM makes use of "hybrid source code analysis" in scanning applications. This post first explains how different types of static analysis work, before diving into how Lucent Sky uses a multistage hybrid approach to automate how vulnerabilities are found and fixed.
Most SAST (static application security testing) tools identify vulnerabilities by first creating a "flow graph" (a model that represents the logic of the application), then applying security rules on the flow graph. There are two ways to generate the flow graph - analyzing the source code of the application, or analyzing the binary files (called "IL" or "bytecode" in .NET and Java) of the application. These two approaches not only have different benefits and restrictions, but how they're implemented also has a major impact on their effectiveness.
Today we released Lucent Sky AVM 2.7. This release enables applications to be scanned faster and with higher accuracy, and also provides improved reporting and interfaces that resonate with development teams, engineering managers and security professionals.
When using a SAST (static application security testing) solution in a software development lifecycle (SDLC), two common concerns are whether the SAST solution is capable of scanning an application that's not buildable or compilable, and whether it's capable of incremental scanning. These two concerns are sometimes ambiguously referred to as "partial scanning." In this article, we explain the rationale behind these concerns, and how Lucent Sky AVM helps developers address them.
Today we released Lucent Sky AVM 2.6. Version 2.6 marks the first release after we transitioned Lucent Sky AVM to a shorter release cycle. Until version 2.5, we released a new update at the end of each quarter, and occasionally a hotfix pack in between. Starting with version 2.6, we will release a new update at the end of each month.