close
close

Latest Post

The top 5 tech stories we’re following this week – June, Week 1 Agreement with Rocca and Auchan Retail France for the sale of Codim 2

TEL AVIV, Israel, June 6, 2024 (GLOBE NEWSWIRE) – Backslash securitya modern application security solution that leverages deep reachability analytics for enterprise AppSec and product security teams, today announced extensive new platform features. With a broad range of new on-premise integrations, workflow integrations and automation capabilities for security teams, CI/CD integrations, and expanded language support, Backslash now covers the entire software development lifecycle and also supports the application security needs of large enterprises.

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building trust with our developers so they can trust that the risks we flag are real and worth investigating and remediating,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis allows us to accomplish both, and with the platform’s advanced capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.”

Backslash combines SCA, SAST, SBOM, VEX and secret detection to replace legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analytics. Newly released enhancements to the Backslash platform include:

Enhanced support for large enterprise use cases:

  • Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise, and Bitbucket On-Premise enable seamless connectivity to enterprise-premises codebases.
  • The expanded language support extends Backslash’s existing language portfolio to include C, C++, Ruby, Rust and Scala to serve different technology stacks and secure the entire codebase, including third-party libraries and dependencies.
  • Role-based access controls enable organizations to easily manage access to the Backslash platform for large and diverse user bases across the organization.

Improvements to security team workflow: New automation policy and action capabilities enable Backslash users to define security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack, and Microsoft Teams.

CI/CD integrations for DevSecOps support: Through integrations with Gitlab Pipelines, Github Actions, and Azure Pipelines, DevOps teams can implement DevSecOps processes and prevent new issues from emerging during the pull request and CI/CD phases.

Improvements to accessibility analysis:

  • Phantom packages are packages that are not defined or controlled by the app developer, but are introduced by a transitive developer, thereby escaping the developer’s control and introducing potentially vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
  • Backslash Security’s reachability analysis identifies vulnerable transitive packages and helps developers understand which vulnerabilities are actually used and therefore exploitable in their codebase, allowing them to prioritize remediation.
  • New UI features improve reachability proof by displaying code references for each reachable path.

Backslash reachability analysis

“Backslash enables organizations to prioritize truly critical code risks and increase trust among the many teams and stakeholders in the software development lifecycle,” said Yossi Pik, co-founder and CTO of Backslash Security. “These latest enhancements automate key AppSec tasks, ensure issues are addressed according to the right priorities, and integrate seamlessly into organizational workflows, while strengthening our reachability analytics to deliver unparalleled results to enterprise security teams.”

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, Phantom Packages, VEX, SBOM, Secrets and more, now available at Backslash.Security/Trial.

About Backslash
By merging SAST and SCA in Backslash, enterprise AppSec teams can focus on remediating only the reachable, exploitable code vulnerabilities. By identifying authentic attack paths that point to reachable code, Backslash enables security teams to focus on remediating only the code and open source software (OSS) components that are actively in use and accessible to potential attackers. Thanks to this precision, Backslash enables teams to remediate only the vulnerable code and OSS that actually need to be remediated – the reachable, exploitable components.

Backed by StageOne Ventures, First Rays Venture Partners, DE Shaw & Co., and a number of security experts as angel investors, Backslash has been deployed in leading technology companies and Fortune 100 companies. For more information, visit https://www.backslash.security/.

Media contact:
Doug DeOrchis
Scratch Marketing & Media for Backslash
[email protected]

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/399b5afe-cc52-4e2e-8dab-7240b5d994c9

Leave a Reply

Your email address will not be published. Required fields are marked *