How ShiftLeft Broke the OWASP Benchmark Record for SAST

ShiftLeft recently broke the record for the highest score ever recorded on OWASP’s Benchmark for Security Automation. ShiftLeft scored a whopping 75%, which is nearly 3X the previous commercial vendor average of 26%. Furthermore, ShiftLeft is also the only vendor to identify 100% of the vulnerabilities.

This webinar will cover how ShiftLeft’s Code Property Graph (CPG) is fundamentally different, how it enabled us to break the benchmark record, and what it means for modernizing application security in DevOps and cloud environments.


The CPG is based on semantic graphing, which creates a single multi-layered graph that summarizes code on various levels of abstraction. Practically speaking, this means the CPG has the context to understand what the application fundamentally is, and is not, supposed to do. Thus, deviations become clearly identifiable as vulnerabilities.

In particular, this is critical for identifying complex vulnerabilities that depend on a series of conditions across the various components that make up the application. For example, a third-party SDK may be vulnerable to a deserialization attack when used in conjunction with a certain version of a library that can be found in either the programming language or the framework. Only by understanding how the components interact with each other can these sophisticated vulnerabilities be easily identified.

Furthermore, the CPG is able to understand abstract information layers instead of merely low-level data flows. Instead of just knowing that code prints data, the CPG also knows sources, transforms, sinks and protocols. Hence, a database sending unfiltered data to HTTP becomes much easier to flag as a reflected cross-site scripting vulnerability.


This webinar will cover:

  • About the OWASP benchmark
  • Previous OWASP benchmark results
  • ShiftLeft’s record-breaking results
  • Technical deep dive on ShiftLeft’s Code Property Graph
  • Why AppSec must be modernized for the DevOps era
  • ShiftLeft demo


Webinar Presenters

Chetan Conikee
CTO & Co-Founder ShiftLeft
Etan Lightstone
VP of Product Design ShiftLeft
Fabian Yamaguchi
Chief Scientist ShiftLeft