Free Data Leakage Assessment

ShiftLeft is offering you a free data leakage assessment of your application(s). The analysis combines an understanding of development and production environments to give a comprehensive and precise picture of how critical data flows across microservices, 3rd party libraries and open source software (OSS) components.

Common data leakage scenarios we have seen in our customer engagements:

• Unexpected decryption as data flows between microservices
• Unexpected deserialized data submitted to OSS libraries
• PII (Personally Identifiable Information) submitted to a logging system
• Credentials hard-coded in the application and leaked

The analysis will include:

• Discovery and classification of sensitive data
• Critical data flows, including entry and exit points to identify issues
• Discovery of known and unknown vulnerabilities
• GDPR compliance readiness

How it works:

ShiftLeft’s proprietary Semantic Property Graph (SPG) is a graph of graphs (Abstract Syntax Graph, Control Flow Graph, etc.) that identifies how data flows within an application and across microservices. The SPG analyzes JAR files to identify potential leakages. Potential leakages are communicated to ShiftLeft’s runtime microagent as part of a broader security profile. The microagent is deployed in production to determine the runtime behavior. By combining the SPG analysis with production analytics, ShiftLeft can accurately map data paths and identify data leaks.

Technical requirements:

• Installation of ShiftLeft Plugin into CI tool (Jenkins, Travis, Circle, etc.)
• Installation of ShiftLeft Microagent into runtime environment

Business requirements:

• Kickoff call to discuss goals and schedules
• Technical installation call to deploy ShiftLeft
• Call to discuss results with a senior member of the security team