New DerScanner 3.8 Released to Provide Innovative Beta Mode for Vulnerability Assessment

DerSecur has announced a new release of its code analyzer – DerScanner 3.8. The release offers an innovative beta analysis functionality allowing users to try out the latest code vulnerability detection capabilities, which are under development now. In addition, the new analyzer now supports LotusScript apps, while its interface offers one more vulnerability severity called the information level.

To deliver technology innovation to users as soon as possible, DerScanner  3.8 now features a beta analysis mode for Java, Scala and Kotlin apps. It is based on a complex mathematical algorithm increasing both accuracy and quantity of code scanning results. To enable this function during analysis, all you need to do is select the corresponding option in the interface. At the same time, our customers can be confident that the system will not lose its proven stability: if you don’t need the beta analysis, just don’t use it and continue working in the familiar mode.

In the new version, developers have expanded the list of programming languages by adding LotusScript, an object-oriented language underpinning many IBM and HCL systems. This language is widely used in Europe and the U.S. to create Lotus family apps – business process automation and collaboration systems (corporate mail, chats, messengers, etc.). The LotusScript support is intended to strengthen the product positioning in foreign markets. So, today DerScanner boasts a world record-breaking number of 35 programming languages supported.

This version features one more significant improvement – a new vulnerability severity called the information level. It may indicate a poor-quality code, which is not yet a vulnerability, but, if modified, can lead to a backdoor in the long run. In the previous versions, such information could be found in the Low Severity Vulnerabilities section. In DerScanner 3.8, this data goes to a separate information block and no longer affects the overall app security score.

In addition, users can now independently create cards with vulnerability search rules in the system interface. The new functionality is especially demanded by corporate adopters of DerScanner-based secure development process. For example, custom rules can help find indicators evidencing that the code of apps under development is exposed to technical fraud.

Now, users can create a card with vulnerability description, examples and fixing recommendations on their own, and then add custom search patterns in XML format. In such a case, the rules specified in the system will no longer be available for editing: previously changed system rules are automatically converted to custom ones.

For product regulatory compliance in certain international jurisdictions, DerSecur has made it possible to view an end user license agreement (EULA) any time, but not just at the first login.