THUNDERSCAN

Source Code Security Analysis (SAST)

Attacks on applications present the greatest threat to the security of organizations. The best way to ensure that your applications are free from critical vulnerabilities is to perform a comprehensive audit of application source code using DefenseCode ThunderScan.
PURCHASE LICENCE

Products/ThunderScan

ThunderScan Application Security

DefenseCode ThunderScan is a SAST (Static Application Security Testing, WhiteBox Testing) solution for performing extensive security audits of application source code. ThunderScan is easy to use, requires almost no user input and can be deployed during or after development. It is an efficient alternative to the demanding and time-consuming manual code reviews. ThunderScan will perform fast and accurate analyses of large and complex source code projects delivering precise results and low false positive rate.

Application source code analysis is the best and most comprehensive way to assure your application is free of security vulnerabilities (SQL Injections, Cross Site Scripting Vulnerabilities, File Inclusion, Code Execution, etc.).

DefenseCode ThunderScan is designed to perform comprehensive security assessment of desktop, web and mobile applications source code and it has repeatedly proven effectiveness by discovering critical vulnerabilities in popular open source applications.

ThunderScan preview can be seen on YouTube

Supported Languages/Platforms:

  • C#
  • Java
  • PHP
  • ASP
  • VB.Net
  • Visual Basic
  • VBScript
  • Javascript
  • Android Java
  • IOS Objective C
  • PL/SQL

ThunderScan will scan for more than 30 vulnerability types (including OWASP Top 10) in desktop, web and mobile applications developed on various platforms using different development environments and frameworks. Some of them are listed below:

Vulnerabilities:

  • SQL Injection
  • XPATH Injection
  • File Disclosure
  • Mail Relay
  • Page Inclusion
  • Dangerous Configuration Settings
  • Code Injection
  • Dangerous File Extensions
  • Shell Command Execution
  • Misc. Dangerous Functions
  • Cross Site Scripting
  • Arbitrary Server Connection
  • Weak Encryption
  • HTTP Response Splitting
  • Information Leak
  • LDAP Injection

You can find more information about some of the vulnerabilities ThunderScan detects here.

Sample ThunderScan scan report can be downloaded: here.

For more informations, contact us on: defensecode@defensecode.com

Key Benefits

  • Ease of use
  • Accuracy
  • Speed
  • Low false positive rate
  • Supports a wide range of programming languages