Free Data Leakage Assessment

ShiftLeft is offering you a free data leakage assessment of your application(s). The analysis combines an understanding of development and production environments to determine, comprehensively and precisely, how critical data flows across microservices, third-party libraries and open source software (OSS) components.

Common data leakage scenarios we have seen in our customer engagements:

  • Unexpected decryption as data flows between microservices
  • Unexpected deserialized data submitted to OSS libraries
  • PII (Personally Identifiable Information) submitted to a logging system
  • Credentials hard-coded in the application and leaked

The analysis will include:

  • Discovery and classification of sensitive data
  • Critical data flows, including entry and exit points to identify issues
  • Discovery of known and unknown vulnerabilities
  • GDPR and CCPA compliance readiness

How it works:

ShiftLeft’s proprietary Code Property Graph (CPG) is a graph of graphs (Abstract Syntax Graph, Control Flow Graph, etc.) that identifies how data flows within an application and across microservices. Potential leakages are identified and communicated to ShiftLeft’s runtime microagent as part of a broader security profile.

The microagent is deployed in production to determine the application’s runtime behavior. By combining the CPG analysis with production analytics, ShiftLeft can accurately map data paths and identify data leaks.

Technical requirements:

  • Installation of ShiftLeft Plugin into CI tool (Jenkins, Travis, Circle, etc.)
  • Installation of ShiftLeft Microagent into runtime environment

Business requirements:

  • Kickoff call to discuss goals and schedules
  • Technical installation call to deploy ShiftLeft
  • Call to discuss the results with a senior member of the security team