Synopsys Seeker

Seeker, our interactive application security testing solution, gives you unparalleled visibility into your web app security posture and identifies vulnerability trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive data to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Seeker’s seamless integration into CI/CD workflows enables fast IAST security testing at DevOps speed. Seeker also determines whether a security vulnerability (e.g., XSS or SQL injection) can be exploited, thus providing developers with a risk-prioritized list of verified vulnerabilities to fix in their code immediately. Using patented methods, Seeker quickly processes hundreds of thousands of HTTP(S) requests, identifies vulnerabilities, and reduces false positives to near zero. This enables security teams to focus on actually verified security vulnerabilities first, greatly improving productivity and reducing business risk. It’s like having a team of automated pen testers assessing your web applications 24-7. Seeker applies code instrumentation techniques (agents) inside running applications and can scale to address large enterprise security requirements. It provides accurate results out of the box and doesn’t require extensive, lengthy configuration. With Seeker, your developers don’t have to be security experts, because Seeker provides detailed vulnerability descriptions, actionable remediation advice, and stack trace information and identifies vulnerable lines of code. Seeker continuously monitors any type of testing applied to web apps and seamlessly integrates with automated CI build servers and test tools. Seeker leverages these tests (e.g., manual QA of log-in pages or automated functional tests) to automatically generate multiple security tests. Seeker also includes Black Duck Binary Analysis, our software composition analysis (SCA) solution, which identifies third-party and open source components, known vulnerabilities, license types, and other potential risk issues. Seeker and Black Duck analysis results are presented in a unified view and can be sent automatically to Jira, so developers can triage them as part of their normal workflow. Seeker is ideal for microservices-based app development as it can bind together multiple microservices from a single app for assessment.