Today, the application security testing platform ShiftLeft announced it had raised $29 million in additional funding from SYN Ventures and Blackstone Innovations Investments, which will be used to accelerate product development and expand solution coverage of cloud-native application languages and architectures.
ShiftLeft’s AppSec code security platform, ShiftLeft Core, enables enterprises to use static application security testing (SAST) and software composition analysis (SCA) to scan third-party application code and libraries for vulnerabilities and security issues.
The solution looks for vulnerabilities from an attacker’s perspective and prioritizes them based on which ones an attacker is most likely to exploit, while providing developers with step-by-step guidance on how to remediate them.
For enterprises, ShiftLeft provides a solution that enables security teams and developers to quickly identify application-level vulnerabilities, so they have more time to write secure, high-performance application code.
Make the AppSec experience easier to use
The announcement comes as more organizations are scrambling to protect the applications used in their environments, with research showing that 34% of applications had a serious vulnerability in 2021, an increase of 21% from 2020, while 13% of applications had one or two serious vulnerabilities.
For this reason, many organizations turn to application scanning solutions to find and mitigate these vulnerabilities before an attacker does. The problem is that most traditional SAST solutions offer little help in prioritizing the high volume of discovered vulnerabilities.
“Most applications have more vulnerabilities than the development and security teams can reasonably address. But it is not necessary to fix all application vulnerabilities,” said Manish Gupta, CEO and co-founder of ShiftLeft.
“Traditional SAST and SCA solutions simply produce lists of hundreds or thousands of vulnerabilities, only prioritized based on CVE criticality. ShiftLeft takes a modern approach where we look at applications as a whole, including their custom code and open source dependencies, to discover all vulnerabilities in the code,” Gupta said.
Gupta also explained that the ShiftLeft CORE platform analyzes an application’s data streams to identify which vulnerabilities the attacker can exploit. This prioritization model means developers don’t have to waste time mitigating low-risk vulnerabilities or filtering out false-positive alerts.
According to Gupta, it’s a highly effective model that enables ShiftLeft customers to fix 92% of their riskiest vulnerabilities in less than 20 days.
The AppSec Marketplace
ShiftLeft’s growth has occurred alongside the development of the broader app security market, which researchers valued at $6.2 billion in 2020 and estimate will reach a value of $13.2 billion by 2025 as cybercriminals target commercial applications.
The vendor competes against a variety of other application security vendors, including legacy vendors such as Veracode, a nine-time Gartner Magic Quadrant Leader in Application Security Testing.
Veracode offers a solution for enterprises to perform SAST, SCA, Dynamic Application Security Testing (DAST), public web application scanning, and manual penetration testing. Earlier this year, the company announced that it had increased its income by 13% and has fixed more than 16 million security flaws to date.
Snyk uses security intelligence to automatically scan, identify, and fix vulnerabilities in developer code on an ongoing basis.
Currently, the main differentiator between ShiftLeft and these competitors is its emphasis on prioritizing vulnerabilities that are most likely to be exploited by attackers. This approach means that developers can focus on finding solutions for the risks that cybercriminals are most likely to exploit.