SATraits Typical Results
20%: No one scanning tool typically has more than 20% coverage of known defects
<1%: The overlap of defect findings across AST tools is typically <1%
These results have been verified by a recent multi-year empirical study of AST results published in conjunction with Carnegie Mellon.
Reducing risk starts with advancing application security to be more effective and useful. Application Security Testing (“AST”) tools do a great job of finding defects, but every tool has different strengths, accuracies, coverage and language capabilities.
SATraits is the first planning tool that determines the expected coverage of defects that each AST tool discovers for a given application.
SATraits' extensive data- and analytics-driven knowledge base, covering every rule from every vendor, allows a precise understanding of coverage and accuracy.
SATraits Key Benefits
With the knowledge of the source code language, environment and context, SATraits determines the percentage of known problems covered by AST tools
SATraits enables the analysis of false negatives – that is, defects that are not being found
Customers can understand Zero Trust requirements and choose their level of risk and coverage
When used in conjunction with SATriage, users can improve coverage by utilizing additional AST tools without increasing workload
SATraits is the first planning tool that determines the expected coverage of important defects for each AST Tool [1].
Select Initial AST Tools
- Tools have different strengths, accuracies, coverage and language capabilities
- Many open source tools provide capabilities not found in commercial tools
- Depends on specific application characteristics
Determine AST Tool Coverage
- Based on language, environment & context, SATraits determines coverage of key issues
- No one scanning tool typically has > 20% coverage of known defects
- The overlap of defect findings across AST tools is typically <1%
- Almost all tools have a positive ROI, even in conjunction with all other tools
Choose Final AST Tools
- Customers can choose their acceptable level of risk and coverage
- Customers can understand Zero Trust requirements
- In conjunction with SATriage, users can improve coverage by utilizing additional AST tools without increasing workload
[1] Based on empirical studies and a detailed study of each and every AST rule
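The three steps above (select candidate tools, determine each tool's coverage for the application's language and context, then choose a final set against a risk target) reduce to set arithmetic over rule-to-defect mappings. The following is an added illustration, not SATraits code and not data from any vendor's knowledge base: the known defect classes and the per-tool rule sets are constructed placeholders (D01..D40, tool-a..tool-d), chosen so that each tool covers a small fraction of the defects with little overlap, as the figures above describe. It computes per-tool coverage, pairwise overlap, the false negatives left after a selection, and a greedy plan that adds tools by marginal gain until a target coverage is met.

```python
from itertools import combinations

# Constructed sample data (hypothetical application and tools, not SATraits data):
# KNOWN_DEFECTS is the set of defect classes known to matter for one application
# whose language, environment and context are fixed; TOOL_RULES maps each
# hypothetical AST tool to the defect classes its rules can detect in that context.
KNOWN_DEFECTS = {f"D{i:02d}" for i in range(1, 41)}  # 40 known defect classes


def _span(lo, hi):
    """Helper: defect labels Dlo..Dhi inclusive (placeholder labels only)."""
    return {f"D{i:02d}" for i in range(lo, hi + 1)}


TOOL_RULES = {
    "tool-a": _span(1, 8),              # 8 of 40 known classes -> 20 % coverage
    "tool-b": _span(8, 14),             # shares only D08 with tool-a
    "tool-c": _span(15, 19),            # disjoint from the others
    "tool-d": _span(20, 22) | {"D99"},  # D99: a rule irrelevant to this application
}


def coverage(rules, known=KNOWN_DEFECTS):
    """Fraction of the application's known defect classes a rule set detects."""
    return len(rules & known) / len(known)


def pairwise_overlap(tools=TOOL_RULES, known=KNOWN_DEFECTS):
    """Fraction of known defects detected by both tools, for every tool pair."""
    return {
        (a, b): len(tools[a] & tools[b] & known) / len(known)
        for a, b in combinations(sorted(tools), 2)
    }


def _found_by(selected, tools, known):
    """Known defect classes detected by at least one selected tool."""
    found = set()
    for name in selected:
        found |= tools[name] & known
    return found


def combined_coverage(selected, tools=TOOL_RULES, known=KNOWN_DEFECTS):
    """Coverage of the union of the selected tools' findings."""
    return coverage(_found_by(selected, tools, known), known)


def false_negatives(selected, tools=TOOL_RULES, known=KNOWN_DEFECTS):
    """Known defect classes that no selected tool detects (sorted)."""
    return sorted(known - _found_by(selected, tools, known))


def greedy_plan(target, tools=TOOL_RULES, known=KNOWN_DEFECTS):
    """Add tools by largest marginal gain until the target coverage is reached or
    no remaining tool adds a new defect class. Returns [(tool, cumulative_coverage)]."""
    selected, found, plan = [], set(), []
    while coverage(found, known) < target:
        gains = {
            name: len((tools[name] & known) - found)
            for name in sorted(tools)
            if name not in selected
        }
        if not gains or max(gains.values()) == 0:
            break  # nothing left to gain: the target is unreachable with these tools
        best = max(gains, key=gains.get)  # ties resolve to the first tool by name
        selected.append(best)
        found |= tools[best] & known
        plan.append((best, coverage(found, known)))
    return plan


if __name__ == "__main__":
    for name, rules in TOOL_RULES.items():
        print(f"{name}: coverage {coverage(rules):.1%}")
    for pair, ov in pairwise_overlap().items():
        print(f"overlap {pair[0]}/{pair[1]}: {ov:.1%}")
    for tool, cum in greedy_plan(0.5):
        print(f"add {tool} -> cumulative coverage {cum:.1%}")
    print("still undetected:", false_negatives(list(TOOL_RULES)))
```

With the constructed data, every tool adds coverage even after all the others are selected, which is the set-arithmetic form of the "positive ROI" point above; the `false_negatives` list is the analysis of defects not being found that the Key Benefits section refers to.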