DerScanner 3.11 app security analyzer has been released

DerSecur introduced the new version of the security code analyzer DerScanner 3.11. It now features the option to classify detected vulnerabilities according to the latest versions of international standards OWASP Top 10 2021 and CWE/SANS Top 25 2021. The new release allows for uploading reports in editable DOCX and SARIF formats. The system interface now offers filtering vulnerabilities by package or file affiliation, source of vulnerability, and sink.

The DerSecur team constantly monitors emerging software security threats, keeping product vulnerability detection databases up to date. Moreover, the DerScanner version 3.11 is one of the first in the application security market to include the latest editions of web applications vulnerability classifications, such as OWASP Top 10 2021 and CWE/SANS Top 25 2021.

The new version of the SAST tool offers the option to upload reports in editable DOCX and SARIF formats. The latter is a unified format for exchanging JSON-based static analysis results for static analysis tools output. Since automation is important for DevSecOps pipeline, a unified format allows for easier interaction between the infrastructure development components and the static analyzer.

DerScanner 3.11 implements new features for processing detected vulnerabilities. The system now allows filtering according to package, file, vulnerability source, and sink. Flexibly configurable settings allow for selective analysis of the necessary elements for large projects, without creating extra load.

Other innovations include the feature of scheduled scanning launching from within the DerScanner interface. Previously, users could configure scheduled scanning via CI/CD components. As most companies do not own CI/CD servers, the security scanner developers have added the scheduled analysis feature from within the product’s interface.

About DerScanner

DerScanner is a static app code analyzer capable of identifying vulnerabilities and undocumented features. Its distinctive feature is the ability to analyze not only source code, but also executables (i.e. binaries) and to return much better results when compared to DAST. The analyzer can test apps written in 36 programming languages or compiled into an executable file with one of 9 extensions, including those for Google Android, Apple iOS, and Apple macOS.