Synopsys Releases Seeker 2018.07
August 01, 2018

Synopsys announced the availability of the latest major Seeker release, an interactive application security testing (IAST) solution redesigned to enable DevSecOps and continuous delivery of secure web applications.

Seeker integrates seamlessly into CI/CD pipelines and monitors web applications during preproduction testing cycles. Using patented technology, Seeker is the only application security solution that detects and automatically verifies whether vulnerabilities are exploitable, providing developers with accurate, actionable information in real time.

Seeker continuously mitigates application security risk in a tight feedback loop, complementing DAST scans and penetration tests that occur later in the development cycle and often require dedicated, out-of-band testing cycles and manual results verification and triage.

To address software dependency risk, Seeker integrates Black Duck Binary Analysis (formerly Protecode SC) to automatically detect known vulnerabilities and license conflicts in open source components. Seeker also provides sensitive-data tracking to help achieve compliance with standards and regulations like PCI DSS and GDPR. Seeker is easy to deploy out of the box and supports large-scale, cloud-based, and microservices-based application architectures.

"Seeker is designed specifically for organizations embracing DevOps and leveraging automation to deliver continuous software improvements to their customers," said Andreas Kuehlmann, GM of the Synopsys Software Integrity Group. "Due to its continuous monitoring, unrivaled accuracy, and contextualized remediation guidance, Seeker removes the manual elements of security testing and enables developers to take ownership of application risk."

Key features of Seeker 2018.07 include:

- Active vulnerability verification for unrivaled accuracy: Seeker provides automated active verification to confirm that detected vulnerabilities are exploitable. This verification is achieved through patented technology that replays original HTTP(S) requests with tainted parameters and monitors the resulting application dataflow. The result is a near-zero false positive rate, which is significantly lower than that of other IAST and DAST solutions and reduces the cost of manual verification.

- Sensitive-data tracking: Seeker enables security teams to identify and track sensitive data, such as credit card numbers, usernames, and passwords, to ensure that it is handled securely and not stored in log files or databases with weak or no encryption. Sensitive-data tracking helps organizations comply with data security regulations including PCI DSS, HIPAA, and GDPR.

- CI/CD integration and flexible deployment: Seeker can be deployed in virtually any type of automated or manual testing environment with minimal configuration required. Seeker fits seamlessly into CI/CD pipelines with native plugins and easy-to-use web APIs for bug tracking, build, and test automation tools. Seeker supports standard, microservices-based, and cloud-based application architectures and is scalable for large enterprise requirements.

The Latest

August 16, 2018

There once was a time in software development where developers could design, build and then think about their software's security. However in today's highly connected, API-driven application environment, this approach is simply too risky as it exposes the software to vulnerabilities ...

August 15, 2018

Microservices are a hot topic in IT circles these days. The idea of a modular approach to system building – where you have numerous, smaller software services that talk to each other instead of monolithic components – has many benefits ...

August 13, 2018

Agile is expanding within the enterprise. Agile adoption is growing within organizations, both more broadly and deeply, according to the 12th annual State of Agile report from CollabNet VersionOne. A higher percentage of respondents this year report that "all or almost all" of their teams are agile, and that agile principles and practices are being adopted at higher levels in the organization ...

August 09, 2018

For the past 13 years, the Ponemon Institute has examined the cost associated with data breaches of less than 100,000 records, finding that the costs have steadily risen over the course of the study. The average cost of a data breach was $3.86 million in the 2018 study, compared to $3.50 million in 2014 – representing nearly 10 percent net increase over the past 5 years of the study ...

August 08, 2018

Hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage, according to the 2018 Cost of a Data Breach Study, sponsored by IBM Security and conducted by Ponemon Institute. The study found that the average cost of a data breach globally is $3.86 million ...

August 06, 2018

The previous chapter in this WhiteHat Security series discussed dependencies as the second step of the Twelve-Factor App. This next chapter examines the security component of step three of the Twelve-Factor methodology — storing configurations within the environment.

August 02, 2018

Results from new Forrester Consulting research reveal the 20 most important Agile and DevOps quality metrics that separate DevOps/Agile experts from their less advanced peers ...

July 31, 2018

Even organizations that understand the importance of cybersecurity in theory often stumble when it comes to marrying security initiatives with their development and operations processes. Most businesses agree that everyone should be responsible for security, but this principle is not being upheld on a day-to-day basis in many organizations. That’s bad news for everyone. Here are some best practices for implementing SecOps ...

July 30, 2018

While the technologies, processes, and cultural shifts of DevOps have improved the ability of software teams to deliver reliable work rapidly and effectively, security has not been a focal point in the transformation of cloud IT infrastructure. SecOps is a methodology that seeks to address this by operationalizing and hardening security throughout the software lifecycle ...

July 26, 2018

Organizations are shifting away from traditional, monolithic architectures, with three-quarters of survey respondents delivering at least some of their applications and more than one-third delivering most of their applications as microservices, according to the State of DevOps Observability Report from Scalyr ...

Share this