Solar appScreener (formerly Solar inCode)

Product
Developers: Rostelecom-Solar (formerly Solar Security)
System premiere date: 2015/10/29
Last release date: 2019/07/11
Technology: Application development tools

Solar appScreener (formerly Solar inCode) is an analyzer that checks applications for vulnerabilities and undeclared capabilities (NDV).

2019

Release of Solar appScreener 3.2

On July 11, 2019, Rostelecom-Solar released the next version of its application security analyzer, Solar appScreener, which now supports 29 programming languages, including the 1C application language, popular in Russia. In addition, references to vulnerabilities in the registry of the FSTEC Information Security Threats Data Bank were added to Solar appScreener.

«
Thanks to support for the 1C language, the new version of our analyzer can detect vulnerabilities and NDV in an application that practically all Russian organizations work with: "1C:Enterprise". At the same time, each specific enterprise uses customized configurations of this software, implemented by numerous 1C partners. In the course of developing modifications and versions, vulnerabilities can be accidentally introduced into the application, or NDV can be intentionally planted,
notes Daniil Chernov, head of Solar appScreener at Rostelecom-Solar
»

In addition, Solar appScreener 3.2 supports the VBA programming language (Visual Basic for Applications). This language is built into the Microsoft Office product line, including the versions for Mac OS, and into many other software packages (AutoCAD, CorelDRAW, accounting and financial programs). Developers actively use VBA because it allows them to make changes to applications. Users of the analyzer can now check VBA applications intended for production management, technical support, trade, construction engineering, telephony, data processing, document flow management, financial services, legal support and medicine.

Solar appScreener 3.2 also supports the popular ASP.NET framework, which is widely used in web application development and is based on Microsoft's web services, software infrastructure and programming model. A number of in-demand, high-load applications are implemented on ASP.NET.

In addition to support for 29 programming languages, which as of July 2019 exceeds the capabilities of all competing solutions, this version gives users links to the corresponding vulnerabilities in the registry of the FSTEC Information Security Threats Data Bank, with the option of exporting them to reports. This is important for specialists who work with vulnerabilities in Russian software, because these vulnerabilities may be absent from the international CVE (Common Vulnerabilities and Exposures) registry. It is also important for security officers responsible for protecting state information systems (GIS), personal data information systems (ISPDN) and industrial control systems (APCS) at critical information infrastructure (KII) facilities. As of July 2019, the FSTEC Data Bank contains about 22 thousand records, of which one hundred and fifty are not present in the CVE database.

As part of expanding integration with third-party software development tools, Solar appScreener 3.2 extends the list of supported continuous integration and delivery (CI/CD) services. In addition to Jenkins and TeamCity, the solution now integrates with Microsoft's Azure DevOps Server 2019 (formerly Team Foundation Server, or TFS), which is used by thousands of developers worldwide.

Release of Solar appScreener 3.1

On April 11, 2019, Rostelecom-Solar announced the release of the next version of its application security analyzer, Solar appScreener 3.1. The system now supports 26 programming languages.

The languages added in this version include TypeScript and VBScript, which significantly expands the range of web applications that can be analyzed with Solar appScreener. In addition, the analyzer now supports Apex, the language of the Salesforce CRM system. This will allow Rostelecom-Solar to increase sales in foreign markets.

Daniil Chernov, head of Solar appScreener, noted:

«
In developing the product, we focus on two fundamentally important components: improving the analyzer's functionality and making the system more convenient to work with. Version 3.1, thanks to support for a number of additional languages, will allow our customers to expand the range of protected applications. With each new version, checking software for vulnerabilities and NDV becomes simpler and more effective.

»

Solar appScreener 3.1 introduces a number of options for more granular control tailored to customer needs. In particular, it is now possible to track changes in code locations containing vulnerabilities or undeclared capabilities by comparing scan results for any period (previously, comparison was available only for the two most recent scans). This makes it possible to carry out a complete retrospective analysis, showing when vulnerabilities were detected and what actions were taken on them. The ability to give a direct link to a code location considerably simplifies and speeds up interaction between the cybersecurity specialist and the development team, helping vulnerabilities get fixed promptly.

At customers' request, an option was added to separate the roles for commenting on and editing scan results, since in large organizations only a narrow circle of employees should have editing rights in the analyzer. Editing scan results allows the customer to filter out vulnerabilities that they do not consider critical (for example, hard-to-exploit vulnerabilities).

Solar appScreener 3.1 continues the refinement of the appearance and ergonomics of the user interface. In addition, this version is easier to integrate into the software development lifecycle thanks to improved functionality of the Jenkins integration plug-in and enhanced capabilities for integration with Jira. The developers also considerably expanded the vulnerability search rule base and refined the analysis algorithms to detect vulnerabilities more effectively and further reduce the number of false positives.

Rebranding and release of Solar appScreener 3.0

On January 24, 2019, Rostelecom-Solar announced a large-scale update of its analyzer of applications for vulnerabilities and undeclared capabilities (NDV). Starting with version 3.0, the product is marketed under the name Solar appScreener instead of the previous Solar inCode. The rebranding is driven by the technological evolution of the product: its decompilation and deobfuscation technologies make it possible not only to scan source code but also to analyze applications in the form of executable files, Rostelecom-Solar explained.

The key change in Solar appScreener 3.0 is a completely updated system of user interaction. Both the graphical interface and the functionality of the system underwent significant changes.

Solar appScreener 3.0

With the release of the previous version of the analyzer, Solar inCode 2.10, beta testing of the graphical interface was started, and user feedback and wishes about possible improvements were collected based on its results. In addition, the company carried out a series of specialized UX/UI tests, on the basis of which the ergonomics of the interface were refined: for example, the number of clicks needed to reach the system's functions was minimized. The user group management page was also completely redesigned: in this version, group user rights can be flexibly configured when a group is created, Rostelecom-Solar noted.

According to the developer, the updated interface also offers convenient navigation through projects and analysis results, quick search, a clearer and more detailed view of project statistics, and additional project filters; the administration page was redesigned as well. Users who prefer the previous interface will be able to use it until the release of version 3.1.

Changes implemented in Solar appScreener 3.0

According to the developer, Solar appScreener 3.0 makes the Fuzzy Logic Engine module more convenient to use; the module minimizes the number of false positives without missing real vulnerabilities. Thanks to increased coverage of the vulnerability search rule base, this version makes it possible to customize the display of results according to the probability of a false positive.

One of the main requirements placed on modern application security analyzers is the ability to integrate into the secure development process. To extend this capability, Solar appScreener 3.0 implements integration with Microsoft Active Directory, which makes it possible to automatically comply with the company's information security policies and with the access rights of developers and security officers to different information systems. Thus, according to the developer, Solar appScreener 3.0 raises the overall level of corporate information security and reduces the time required to manage user permissions.


According to Rostelecom-Solar, thanks to updated methods of data flow analysis and of generating the data propagation diagram for vulnerabilities, version 3.0 of the solution analyzes vulnerabilities more effectively in applications written in Java, Scala, Kotlin and Java for Android.

Support for the legacy language COBOL, implemented in Solar appScreener 3.0, makes it possible to check for vulnerabilities legacy systems that for one reason or another cannot be retired. COBOL was often used to develop banking applications, and its support was implemented at the request of Rostelecom-Solar's clients and partners in foreign markets, the developer noted.

2018

Solar inCode 2.10 with updated false-positive reduction technology

On October 17, 2018, Rostelecom-Solar announced the release of the next version of its solution for application source code security control. Solar inCode 2.10 includes an improved Fuzzy Logic Engine module, which sets the industry standard in combating false positives. In addition, this version starts beta testing of an entirely different, completely redesigned interface.

The Fuzzy Logic Engine module is a technology developed by Rostelecom-Solar to minimize the number of false positives (False Positive) and missed vulnerabilities in the code (False Negative). It uses the mathematical apparatus of fuzzy logic, which makes it possible to determine the probability of a false positive in the current project based on the results of past scans. The operating parameters of the Fuzzy Logic Engine filters are defined by a knowledge base that is constantly replenished from completed projects.

«
The number of false positives and missed vulnerabilities is one of the key parameters of any code analyzer's efficiency, so developing the Fuzzy Logic Engine technology is a high priority for us. The algorithms built into it are the result of long-term scientific work, and behind each update there is a large volume of research. This module was introduced into the product in 2015, but only in 2018 did we manage to seriously improve the technology and release a major update.
Daniil Chernov, head of Solar inCode at Rostelecom-Solar.
»

In Solar inCode 2.10, the security officer can customize the display of scan results according to the probability of a false positive, which significantly reduces the time needed to process the report and to assign developers tasks for fixing errors and vulnerabilities in the code. In addition, the user can work with the Fuzzy Logic Engine filters directly to achieve higher accuracy of results.

However complex the technology, Rostelecom-Solar always aims to present it to the user in a simple and clear form. For this reason, Solar inCode 2.10 launches beta testing of a fundamentally different, completely redesigned graphical interface, the final version of which will be provided in the next version of the solution. By default, users of Solar inCode 2.10 will see the familiar interface, but a switch button is provided for those who want to try the future interface and send feedback and ideas.

Solar inCode 2.10 adds vulnerability search rules for the supported programming languages, in particular for Groovy and Kotlin, support for which was implemented in the previous version of the solution. The vulnerability search algorithms for C/C++ were refined separately.

To reduce the scan time for applications written in JavaScript, this version of Solar inCode includes functionality for analyzing their structure. The solution identifies the external libraries in use and allows them to be excluded from the analysis.

FSTEC of Russia certification

On September 20, 2018, Rostelecom-Solar announced that it had obtained a certificate from FSTEC of Russia for Solar inCode, its solution for application source code security control.

Use of certified software is a mandatory requirement for state organizations and for many commercial ones. As Rostelecom-Solar reported, certificate of conformity No. 4007, issued by FSTEC of Russia, certifies that Solar inCode meets the software requirements for level 4 control of the absence of undeclared capabilities (NDV). Solar inCode is also included in the Unified Register of Russian Programs for Electronic Computers and Databases, which allows it to be used in organizations implementing the import substitution program for cybersecurity solutions.

The ability to check applications for errors and vulnerabilities by static analysis even without access to their source code makes Solar inCode, according to the developer, the best tool for security control of legacy and third-party software. The solution's advantages also include a wide list of detected vulnerabilities, a low percentage of false positives and support for the majority of modern programming languages.

Release of version 2.9

On June 25, 2018, Solar Security announced the release of the next version of Solar inCode, its solution for source code security control.

The list of programming languages that Solar inCode 2.9 recognizes and analyzes was extended with Groovy and Kotlin. Applications written in Kotlin can be analyzed even without access to their source code.

«
When forming a product's development roadmap, it is very important to monitor trends in software development. Some languages gradually become a thing of the past, others take their place, and we have to react quickly to the demands of the market. Groovy and Kotlin are application development languages that are now trending and continue to gain popularity, so we included them in Solar inCode 2.9. Support for the Go language was implemented in the last version, and in the present release this functionality was also improved thanks to a significant expansion of the vulnerability search rule base.
Daniil Chernov, head of Solar inCode at Rostelecom-Solar
»

Architecture of Solar inCode

Another strategic direction for Solar inCode is support for continuous integration processes and the secure application development lifecycle. As part of this, Solar inCode 2.9 implements incremental analysis: when comparing different builds of an application, developers can scan only the part of the code that was added in the latest version. Similarly, Solar inCode 2.9 reports can now include only those vulnerabilities that were not previously detected in the software. In addition, standard libraries can be excluded from scanning if necessary, so that only the application's own code is checked for errors and potential vulnerabilities.

In addition to the OWASP Mobile Top 10 2016, OWASP Top 10 2017, PCI DSS and HIPAA classifications, Solar inCode 2.9 can rank the vulnerabilities found according to CWE/SANS Top 25. This version also contains additional vulnerability search rules for the supported programming languages, as well as improved, more detailed vulnerability descriptions.

Release of version 2.8

On April 19, 2018, Solar Security released Solar inCode 2.8, an update of its application security checking solution, with support for the Go programming language, also known as Golang.

«
Support for Go is functionality that was included in the product development roadmap because of the large number of requests for it from customers. Considering the rate at which this language is gaining popularity, I think we will deepen its support in subsequent versions of Solar inCode,
reported Daniil Chernov, head of Solar inCode at Solar Security.
»

From its first versions, Solar inCode has supported continuous integration (Continuous Integration) and secure application development (SDLC) tools that make it possible to automate these processes. As part of this, Solar inCode 2.8 adds support for TeamCity, a popular continuous integration server.

Support for a JSON API, implemented in addition to the command line interface, is one more step toward seamless integration into the SDLC. This functionality will make it possible to integrate Solar inCode into a number of external systems used in the secure development process.

Taken together, this will make it possible to set up a continuous quality control process, automate security checks of software builds and reduce the time spent on the process as a whole, according to Solar Security.

In addition, Solar inCode 2.8 adds an extended list of vulnerability search rules, as well as expanded rule descriptions that will help users without deep technical expertise interpret report data correctly.

Release of version 2.7

On February 1, 2018, Solar Security announced the release of the next version of Solar inCode, with support for static analysis of the code of binary files for macOS.

A distinguishing feature of Solar inCode is static analysis with automatic recovery of high-level code (.apk, .jar, .war, .ipa, .exe and .dll files). To strengthen this feature, Solar inCode 2.7 implements a module for analyzing executable files of applications for the macOS operating system (.app extension).

«
"The macOS operating system family is the second most prevalent on desktops after Windows, so static analysis of binary files for Apple's OS is an important step in the development of the product. In the next versions of Solar inCode we are going to focus on further development of this functionality".
»

Another distinguishing feature of Solar inCode is its simple and user-friendly interface. Thanks to well-thought-out user interaction logic, it is intuitive and does not require extra time to learn. A scan is started in two clicks, and the visual presentation of reports is designed to be informative even for users without software development skills.

«
"The most user-friendly interface needs constant development, both in terms of graphic design and from the standpoint of ergonomics and simple conformity to recent trends in this area. Therefore we made a number of changes to the Solar inCode 2.7 interface: we refined the visual design of the project and results pages and the quick action buttons, and added a scan progress indicator".
»

Solar inCode 2.7 also adds vulnerability search rules and improves the vulnerability search algorithms for Java, Scala and Java for Android.

Scan reports can be exported according to the OWASP Top 10 2017 vulnerability classification. The vulnerabilities found can be ranked according to OWASP Mobile Top 10 2016, PCI DSS and HIPAA, which simplifies compliance with regulators' requirements.

2017

Release of version 2.6

On October 17, 2017, Solar Security presented the next version of Solar inCode. The key update in version 2.6 is support for the Solidity programming language, which is used to create smart contracts intended for concluding transactions on blockchain technology.

«
Smart contracts are dangerous in that the popularity of these tools outpaces their security, while in the event of a successful attack users can lose real money. Therefore we consider it important to quickly adapt Solar inCode to the changing demands of the market,
emphasized Daniil Chernov, head of Solar inCode at Solar Security.
»

In addition, Solar inCode can now look for errors and vulnerabilities in HTML5, which lets developers be sure not only of the modernity and convenience but also of the security of the web applications they create.

The technology for analyzing applications written in C/C++ was also improved and refined. Source code analysis now supports building projects with Visual Studio, and the vulnerability search rule base was expanded. The vulnerability search rule base for the ABAP and Delphi languages was supplemented as well.

Version 2.6 is also the first to implement uploading a project from the local computer as an archive with the extensions .7z, .ear, .aar, .rar, .tar.bz2, .tar.gz, .tar and .cpio. The interface of the solution was further refined as part of improving overall usability.

Another important direction, easy integration of Solar inCode into the secure application development process (SDLC), gained support in the form of a plug-in for the Jenkins continuous integration server and the ability to track scan status by e-mail.

Scan reports can now also be exported according to the HIPAA vulnerability classification, in addition to the OWASP Top 10 2013, OWASP Mobile Top 10 2014, OWASP Mobile Top 10 2016 and PCI DSS classifications, which makes it easier for developers to comply with regulations and regulators' standards.

Release of version 2.4

On July 12, 2017, Solar Security announced the release of version 2.4 of the Solar inCode code scanner.

The developers improved the technologies for working with already supported programming languages and added support for new ones[1].

In Solar inCode 2.4, the vulnerability search rule bases for binary C/C++ code (.exe and .dll files) are expanded. The list of supported programming languages was extended with Delphi and ABAP (Advanced Business Application Programming), which is used for application development on the SAP platform. ABAP support will allow companies to control the security level of SAP business applications. Solar inCode is optimized for integration into the secure application development process (SDLC); version 2.4 helps customers raise the security level of SAP applications without changing their usual development and testing processes.

«
Early versions of the product mainly supported languages for developing mobile and web applications. Gradually we extended this list to expand the pool of solutions that Solar inCode can work with. Behind functionality such as scanning code in the ABAP language or binary C/C++ code there is serious scientific and technical research, and we are glad that it has at last found practical embodiment in Solar inCode.

Daniil Chernov, head of Solar inCode at Solar Security
»

The solution's workflow within the SDLC was optimized to increase the level of automation. Solar inCode 2.4 makes it possible to compare scan results and track the number of eliminated vulnerabilities. This simplifies security control of the software being developed and makes working with Solar inCode more convenient and intuitive.

This version introduces the data propagation diagram (route) for vulnerabilities in Java, Scala and Android applications.

Especially for mobile application developers, Solar inCode 2.4 implements, in addition to OWASP and PCI DSS, the ability to export reports according to the OWASP Mobile Top 10 2016 vulnerability classification.

The Solar inCode 2.4 interface was improved to make working with the product intuitive.

«
Solar Security follows the ideology that even the most complex technologies should be provided to users through simple and clear interfaces. Therefore optimization and refinement of the Solar inCode interface are carried out constantly, from version to version. It is very important to us that both developers and security specialists can use this tool for checking the security level of code with equal ease.
»

Solar inCode 2.3

On April 19, 2017, Solar Security announced the release of version 2.3 of the Solar inCode code scanner. The main features are out-of-the-box integration with JIRA, analysis of multilingual applications and a module for binary analysis of C/C++ applications.

Solar inCode 2.3 performs static analysis of .exe and .dll files written in C/C++ for the x64 and x86 architectures. This functionality allows a security service to check the security level of the applications used in the company without access to the source code, in the case of so-called "legacy software" or applications whose development is outsourced[2].

«
We are focused on strengthening the ability to analyze applications without access to the source code. Static analysis of .exe and .dll files written in C/C++ became the next step in this direction. We received many requests for this functionality from clients, but given the specifics of the C/C++ languages it was rather difficult to implement it in the product. It took us a lot of time for research and development.

Daniil Chernov, head of Solar inCode at Solar Security
»

If an application uses several programming languages, Solar inCode 2.3 automatically detects them and scans the application in normal mode. The user can choose whether to scan the application entirely or only the part of the code in a certain language.

Solar inCode 2.3 offers users out-of-the-box integration with JIRA. After scanning an application, the user can immediately create a task to fix the vulnerabilities found, via the Solar inCode interface.

This version contains a number of refinements of the existing functionality: Solar inCode 2.3 has new vulnerability descriptions and new vulnerability search rules for the supported programming languages. The data flow analysis algorithms used in vulnerability search for the PHP language were also further optimized.

Improvements also affected the Solar inCode 2.3 interface.

Solar inCode 2.2

On February 7, 2017, Solar Security announced the release of a version of Solar inCode. The main improvement in this version is the dynamic and interactive analysis modules (DAST/IAST) with two operating modes: fuzzing of methods and fuzzing of requests.

«
Now that the product has reached a certain level of maturity, we define the directions of its development based on the needs of our clients. This concerns the list of supported languages, reporting, the interface, new technologies and so on. Despite the complexity of the technologies underlying Solar inCode, we aim, as before, to make the product simple and clear to use, including for security staff who do not always have development experience.

Daniil Chernov, head of Solar inCode at Solar Security
»

This version extends the list of supported programming languages with:

  • C/C++ (including with OpenMP),
  • Ruby,
  • T-SQL,
  • Visual Basic 6.0.

Solar inCode 2.2 also includes vulnerability search rules for the programming languages supported in earlier versions: Java, Scala, PHP, Objective-C, Java for Android, JavaScript, Swift, Python 2, Python 3, PL/SQL and C#[3].

Solar inCode 2.2 offers enhanced capabilities for analyzing iOS applications. Support for the Swift 3 programming language and integration with the Xcode 8 development environment and the Apple Clang 8.0 compiler provide the maximum coverage of iOS applications available for analysis, Solar Security emphasized. The module for downloading iOS applications from the App Store supports all current versions of the iOS operating system.

Scan results can be exported with vulnerabilities prioritized according to the OWASP Top 10 2013, OWASP Mobile Top 10 2014 or PCI DSS 3.2 classification.

In version 2.2 the developers paid attention to analytical tools. The built-in cross-project analytics module makes it possible to combine projects into groups to obtain aggregate information on the projects within a group. Users have access to statistics on the number of scans, scan time, number of lines of code, security rating and number of vulnerabilities, with a choice of criticality level. All indicators can be presented as a chart reflecting the dynamics of changes.

Starting with version 2.2, the product is compatible with the CentOS and macOS operating systems.

2016

Solar inCode SaaS

On October 26, 2016, Solar Security announced that Solar inCode was being made available under the Software-as-a-Service (SaaS) model.

Solar inCode in the cloud format is aimed at companies where the need to check the security of application code arises from time to time[4].

Screenshot from the presentation of Solar inCode (2015)
«
Solar inCode from the "cloud" is, in fact, the same enterprise solution in a retail configuration. Companies for which standard licenses for a large number of scans are not suitable could not use our product before. Now we are ready to offer Solar inCode to this category of customers as well, which will make it possible to spread the technology and raise the security level of Russian companies.
»

Solar inCode 2.0 is a technology for checking application security by static analysis that works both when the checker has the source code and when there is no access to it. Solar inCode 2.0 helps detect vulnerabilities and undeclared capabilities in software. The solution is able to analyze the most widespread programming languages, all mobile applications and the majority of web applications.

Solar inCode 2.0

Solar Security, a developer of products and services for targeted monitoring and operational management of information security, released an update of Solar inCode in the summer of 2016. The solution is able to check application security by static analysis even in the absence of source code. Solar inCode 2.0 offers an extended list of analyzed languages, an intuitive user interface and optimized technologies for detecting vulnerabilities and undeclared capabilities in software.

According to the developers, a large number of the changes in this version of Solar inCode are aimed at simplifying the user interaction logic. The interface design was reworked and improved so that interpreting the data obtained from Solar inCode no longer requires deep technical expertise from the user.

In addition to programming languages Java, Scala PHP, Objective C, Java for Android which support was implemented in the first version of the solution Solar inCode 2.0 analyzes the applications written on JavaScript, Swift, Python 2, to Python 3, PL/SQL and C# now. Thus, the solution covers the most widespread programming languages and is capable to analyze all mobile and the majority of web applications.

For simplification of work during regular verifications of the Solar inCode 2.0 code allows to edit rules of search of vulnerabilities and to note false operations. Such training allows to create the developed mechanisms of identification of false positive operations and also to define new types of vulnerabilities and not declared opportunities.

The Solar inCode interface, in addition to Russian, is localized also into English now. Besides, according to wishes of users in the new version the opportunity for work through the command line is added. Users can automate check of new assemblies of software and, as a result, build in Solar inCode process of safe development (SDLC). The new version also allows to differentiate access for users to software that each developer could control the security level and existence of errors only in the part of the project.

"In the first version of a product the emphasis was placed on technologies of a deobfuskation and decompiling and also on reporting system with detailed recommendations about elimination of the found vulnerabilities — Chernov Daniil, the head Solar inCode of Solar Security company told. — The second version of Solar inCode, in addition to the innovation methods of the analysis of software, offers a simple, user-friendly and clear interface that makes the solution available to the maximum number of users and brings him to new segments of the market".

2015

Solar inCode release

On October 29, 2015, Solar Security announced the release of a product for software analysis.

Applications are analyzed by the "white box" method, and also when the source code is unavailable. The deobfuscation and decompilation technologies implemented in Solar inCode make it possible to recover the source code with high accuracy even if obfuscating transformations were applied to it. To improve the quality of code analysis, four different technological solutions are used, including taint analysis; to reduce the number of false positives, the Fuzzy Logic Engine module with proprietary vulnerability filtering algorithms is used.

"It can be said that inCode is a product in which scientific thought has found a worthy technical embodiment. The development team includes three candidates of science, two of whom defended dissertations on code decompilation, so the technologies built into the product provide a fundamentally new level of use, both in terms of convenience and in terms of the effectiveness of assessing application security," noted Daniil Chernov, head of inCode at Solar Security.

Solar inCode is designed as a tool for security experts: the product provides detailed recommendations on configuring add-on protection tools (SIEM, WAF, NGFW) that block exploitation of vulnerabilities until they are eliminated. For developers, it provides reports describing the vulnerabilities found, with links to the corresponding code locations and recommendations on eliminating them by changing the code, which significantly simplifies development tasks.

As of October 29, 2015, Solar inCode can analyze online and mobile applications written in the most popular languages: Java, Scala, PHP, Objective C and Java for Android. The product roadmap includes expanding the list of analyzed languages with JavaScript, PL/SQL, 1C and C#.

"Recently the risks of exploitation of vulnerabilities in program code have grown considerably," said Igor Lyapunov, CEO of Solar Security. "According to our data contained in JSOC reports, more than 60% of successful cyber attacks aimed at external business applications are carried out through vulnerabilities in software. While the topic of application security is rather new, most security professionals understand that the security of information, money, and sometimes entire companies has come to depend directly on the quality of the code."

Solar inCode

As of October 29, 2015, Solar inCode is a static code analysis tool intended for detecting vulnerabilities and undeclared capabilities (NDV) in software.

Notes