OWASP/CWE プロジェクトとポートフォリオにおけるトップ 25 のセキュリティ レポート
- OWASP および CWE Top 25 標準のカテゴリに対するアプリケーション セキュリティを追跡するための専用レポート
- セキュリティ脆弱性フィードバックループを短縮し、開発者がセキュリティホールをより早く修正できるようにします
- 上位レポートのPDFをエクスポートする
Open Worldwide Application Security Project
OWASP security vulnerabilities covered
Thoroughly convey the OWASP most critical security risks facing organizations to improve security software posture for designing, developing and deploying software securely. See issues in the OWASP Top 10 and ASVS 4.0 most critical security risk categories in your applications and start detecting security issues.
By raising OWASP Top 10-related security vulnerability issues to developers early in the process, Sonar helps you protect your systems, your data and your users.
use OWASP standards to empower developers to own Code Security
Application security starts with code; Sonar helps you own it.
get early SAST feedback and a guided developer experience
SAST analysis of Pull Requests helps empower developers by shifting security left and presenting OWASP Security Vulnerabilities as early as possible in your process - when the code is fresh in mind and the fix is still easy.
The issue visualizer is crafted for clarity so developers easily understand the problem flow across methods and from file to file.
In-app guidance helps developers really understand the problem so they can craft the most secure fix.
use taint analysis to chase down the bad actors
Application security comes from making sure that data is sanitized before hitting critical system parts (Database, File System, OS, etc.)
Taint analysis - it's the ability to track untrusted user input throughout the execution flow from the vulnerability source to the code location (‘sink’) where the compromise occurs.
Configure your taint analysis by declaring the custom frameworks you use to capture user input and/or to persist it.
track OWASP compliance across security standards
Dedicated reports track project security against the OWASP Top 10, ASVS 4.0 and CWE Top 25 standards.
The Sonar Security Report facilitates communication by categorizing vulnerabilities in terms developers understand.
Track compliance at Project or Portfolio level and differentiate Vulnerability fixes from Security Hotspot Reviews.
PDF downloads for reporting
The security reports' PDF export includes the project security overview and the top security reports.
SONAR OWASP FEATURES
Achieve OWASP Top 10 standards
Enable developers to produce software that is secure, reliable, and maintainable through Sonar’s comprehensive suite of tools and features to help developers and organizations ensure that their applications are secure against common vulnerabilities.
SAST analysis
The SAST analysis is capable of identifying patterns in the source code that may lead to access control issues, such as missing authentication checks or improper configuration of role-based access controls.
custom rules and configurations
Create custom rules and configurations that can be tailored to the specific security standard requirements of a project. This flexibility ensures that the analysis can be as precise and relevant as possible, aiding in the accurate detection and remediation of coding issues.
secure code review
Execute secure code review processes by analyzing pull requests for potential security issues. Identifying these issues early in the development cycle helps in maintaining a high level of application security and adherence to the OWASP standards.
continuous inspection
Continuous inspection of code quality helps in early detection and remediation of security issues. Sonar’s continuous analysis and monitoring feature ensures that the codebase remains compliant with security standards including OWASP Top 10, and any new code that introduces potential code issues is promptly identified.