AttackFlow Extension Edition for Visual Studio v.1.13



Static analysis as you type, with no interruption, and with results that include injection vulnerabilities. We developers are used to being notified about syntactic problems, pre-compilation warnings and errors exactly when we are coding, without actually compiling the code. This substantially speeds up the development process. Security static source code analysis should support the same behavior, notifying us about the security problems we are about to create.

Plethora of Findings
AttackFlow looks for hundreds of findings including highly critical and popular security weaknesses.

Powerful Scan Engine
A state-of-the-art generic scan engine with injection, control flow and quality assurance analysis.

Built-in to Visual Studio
Being a Visual Studio extension, the easy-to-install AttackFlow runs seamlessly with in-place notifications.

Actionable
The findings include actionable mitigation items, references and code snippets as well as fix cost and prioritization indicators.

Free of Compilation
No need for full compilation as a prerequisite for scan analysis. Code that is free of syntax errors is enough to run the analysis.

Fueling Security DevOps
Fits right in with the agility of DevOps teams, notifying developers as they code with minimal interruption to the process.

AttackFlow is a Visual Studio extension with an easy installation and update.

Starting from the active module and using heuristics and proprietary methods, AttackFlow searches for security vulnerabilities with minimal interference in the developer's normal coding flow. Should any findings be revealed, AttackFlow notifies the developer with finding details and mitigation alternatives.

AttackFlow is a new way of secure coding. Integrated into Visual Studio, it enables developers to find critical security bugs in the source code without any prior knowledge. The finding notifications, explanations and references are detailed enough for a developer to go ahead and fix the bugs. If the fix is good, there's no need to wait for deployment, a commit or even full compilation: AttackFlow will no longer find the related bug.

AttackFlow is a Visual Studio extension with an easy installation and update. Each time you type syntax error-free code into the development environment, AttackFlow runs in the background trying to find security vulnerabilities, including by flow analysis.

Starting from the active module and using heuristics and proprietary methods, AttackFlow searches for security vulnerabilities and code quality problems without interfering with the developer's normal coding flow. Should any findings be revealed, AttackFlow notifies the developer with a Risk Score badge at the top right of the related code page, adornments under the problematic code, and a list of bugs in a separate window called the Vulnerability Window. The developer may then delve into a finding by clicking the focused vulnerability, which opens the Information Window with its details.

Software is a complex piece of technology at the very heart of our lives, from health to entertainment, from finance to connectivity. No doubt, security should be an integral part of this technology. As history incessantly reveals, malicious intentions against services are not new, and software open to use from the whole Internet is no exception. Software products are constant and increasing targets for activists, organized or unorganized hackers, script kiddies, bug hunters and even governments. A phenomenon that nearly every software security expert agrees upon is that in the software process "the earlier the bugs are found, the less cost they induce, logarithmically". The cost here is not only money or time; it also means the level of stress on the shoulders of a developer in case of a successful hack.

The AttackFlow scan engine currently supports the C# and Java programming languages, with support for the popular frameworks ASP.NET MVC, ASP.NET WebForms and JEE Spring. Currently, though, only the Microsoft Visual Studio IDE integration for C# exists. The next integration as an extension will be Eclipse for Java.

AttackFlow differs radically from other security static code analysis solutions. AttackFlow aims to reveal security bugs on the fly while the developer is coding. Developers are used to being notified about syntax problems, pre-compilation warnings and errors exactly when they are typing, without actually compiling the code. This substantially speeds up the development process.

Security static source code analysis should support the same behavior, notifying the developer about security problems she is just creating, before the code even gets compiled. In doing this, AttackFlow's analysis is not scoped to the current active code module. Every syntax error-free edit triggers AttackFlow to start a security analysis in order to find security vulnerabilities whose root cause is the code being typed. Best of all, the smooth performance of the analysis doesn't interrupt the coding process.
