App checker

Who are we?

LLC “Echelon Innovations” is a progressive company created by JSC NPO Echelon, one of the largest Russian companies in information security.

The company was created for advanced research and development. It is a participant in the Skolkovo Innovations Center.

The purpose of AppChecker

AppChecker is a cloud analyzer of program code intended for business process automation.

The purposes of AppChecker:

trusted software development

software security control

detection of software code backdoors

program code quality review

Problem description

Nowadays it is necessary to monitor code quality during software development.

Even the largest software developers in the world regularly allow vulnerabilities to occur in their software.

Weaknesses and vulnerabilities in application source code lead to financial and reputational risks for the developer, and to risks of violating the integrity, confidentiality and availability of user data.

Automatic error detection at the development stage will reduce the development cycle, testing and correction costs, and the risks to software developers and users.

AppChecker Technologies

Signature heuristic code security analysis based on signatures of potentially dangerous constructions

[The construction base is fully compatible with the CWE (Common Weakness Enumeration) taxonomy]

Cloud access to the AppChecker interface and API

Calculation of code statistics, software system complexity and security metrics

Data flow analysis

Competitors

| Model/product | Stage | Program languages | Types of source code analysis | Variants |
|---|---|---|---|---|
| Fortify 360 SCA | Sales | >20 | static, dynamic, interactive | desktop, private cloud, public cloud |
| InfoWatch Appercut | Sales | >20 | static | private cloud, public cloud |
| PVS Studio | Sales | C/C++ | static | desktop |
| Positive Technologies Application Inspector | Sales | ASP.NET, JavaScript, Java, PHP, ABAP, PL/SQL | static, dynamic, hybrid | desktop |
| Echelon AppChecker | Development | C/C++, Java, PHP | static | private cloud, public cloud |

Competitors

| Model/product | Price, [RUR] | Integration with CWE | Data flow analysis | Cross platform code analysis |
|---|---|---|---|---|
| Fortify 360 SCA | From 5,9 million a year | + | + | + |
| InfoWatch Appercut | n/a | + | - | + |
| PVS Studio | 204 800 a year | - | - | - |
| Positive Technologies Application Inspector | n/a | - | + | + |
| Echelon AppChecker | 300 000 a year | + | + | + |

Competitive advantages

Integration with CWE

Opportunity for collaborative work

Signature heuristic analysis method

Low price

Unified interface with AK-VS products.

Simple training process

Stage and prospects

Stage

• Static and dynamic analysis subsystems of the program code audit service for C/C++, Java and PHP (including their latest standards) have been developed
• A web interface subsystem that allows several experts to work jointly has been developed

Prospects

• Evolution of the source code analysis mechanisms for qualified search for defect types such as buffer overflows, incorrect handling of resources, and various types of “injections” (SQL, command, etc.)
• Improvement of code review tools to simplify the filtering of false alarms and to support joint work by several experts.

Potential clients

Software development companies

• ABBYY
• DataArt
• EPAM Systems
• ICL Services
• Intel
• Luxoft
• Microsoft
• Oracle (Sun Microsystems)
• …

Companies which do their own internal development

• Russian Railways
• Aeroflot
• Rostelecom
• Sberbank
• …

Customers who check their contractors' work

Testing laboratories

Contact information

107023, Moscow, Elektrozavodskaya st., 24

+7 (495) 223-23-92 

8-800-100-05-02 (free call all over Russia) 

www.iechelon.ru

www.facebook.com/npo.echelon

[email protected] (technical support)

[email protected] (all other questions)