The Myth of False Positives in Static Application Security Testing
Static application security testing tools are notorious for presenting false positives, i.e., incorrect …
The German press release on the award can be found here.
Today marks a significant milestone for our company, as we just received the startup innovation award from OstWestfalenLippe GmbH. Our solution impressed the 12-person jury, who stated: “CodeShield has succeeded in consistently transferring results from basic research into practical application. The jury sees enormous market potential. On the one hand, because the highly innovative solution can be used by all companies that develop or use cloud software, regardless of the industry. On the other hand, because its innovation addresses one of the most pressing challenges for Germany as a business location: digital sovereignty and security. With this in mind, it is remarkable and a strong signal that the founders are operating their business model from OstWestfalenLippe.”
Surveys show that over 80% of companies in Germany use the cloud, and the trend is rising. At the same time, the number of cyberattacks is increasing dramatically, with attacks reported almost daily. An additional challenge in securing cloud applications is the high speed at which applications and their infrastructure change. Given these facts, it is almost impossible to identify all security risks and to protect yourself adequately against them. IT security is therefore a focal point for companies, and strengthening digital sovereignty is a decisive factor for the innovation and competitiveness of the German economy as a whole.
This is exactly where our tool comes in. Our cloud security tool supports the secure development and operation of cloud applications at every company, regardless of size and industry. Using static analysis technologies, security gaps in application code, open-source libraries, and within the cloud environment can be identified automatically. Incorrect access settings and insecure configurations, as well as weak or outdated software packages, can likewise be easily detected at an early development stage. The static analysis method we employ is able to analyze even complex systems without influencing their runtime performance in production. All relevant security issues can be identified without triggering too many false alarms. This is a decisive added value compared to other solutions on the market, because security teams in companies are often confronted with hundreds or even thousands of warnings every day. The combination of a targeted risk assessment and a prioritization engine is our technology’s advantage.
The OWL Innovation Award is intended for innovative products and services from East Westphalia. The OWL prize is an important business award with a large number of participants. In the 14th call for entries for the competition, 93 companies submitted 94 innovations, and three companies were awarded out of all top-class participants. The evaluation criteria are the degree of innovation, the customer benefit, the added value compared to other solutions, the market potential, successful collaborations or technology and knowledge transfer, as well as the dynamics of the founding team.