Overview

Introduction to Black Duck® Seeker and its main features and capabilities.

The Need

Black Duck® Seeker is an interactive application security testing (IAST) solution that enables development, DevOps, and QA teams to perform security testing concurrently with the automated testing of web applications by detecting vulnerabilities at runtime.

Enterprises in financial services, banking, e-commerce, insurance, and healthcare have suffered security attacks resulting in data breaches that caused significant financial and business damage. Their web applications are a target for attackers seeking access to sensitive intellectual property, business data, and personal information.

While development and security teams often use Static Application Security Testing (SAST) solutions to identify security weaknesses and vulnerabilities in the source code of their web applications, many vulnerabilities only manifest when the application is running with its real frameworks, configuration, and data, and can only be detected by testing the running application.

Application development and DevOps teams rely on agile development and automation, so they need application security tools that integrate seamlessly with standard build, test, and QA tools. These tools should be easy to deploy, update, and scale to the requirements of large enterprises.

How Seeker Answers the Need

Seeker uses code instrumentation to monitor the execution and data flows of running web applications in the background, typically during regular automated or manual QA testing or penetration testing, so that the tests which already exercise the application also drive the security analysis.
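To make the instrumentation idea concrete, the following is an added toy example written for this page; it is not Seeker's agent and does not reproduce Seeker's rules. It hooks one source (request parameters) and one sink (SQL execution) around a small sqlite3-backed handler and flags the data flow between them while an ordinary functional test runs with benign input. The Agent, Finding, and InstrumentedConnection classes, the two lookup handlers, and the in-memory users table are all constructed for the illustration.

```python
"""Toy model of runtime (IAST-style) detection: hook a source (request
parameters) and a sink (SQL execution) and report when untrusted input reaches
the sink as part of the query text. Added illustration only; this is not
Black Duck Seeker's agent or its rule set."""
import sqlite3
import sys
from dataclasses import dataclass, field


@dataclass
class Finding:
    rule: str
    sink: str
    evidence: str
    location: str  # file:line of the application code that called the sink


@dataclass
class Agent:
    """Holds taint state and findings for one monitored request/test."""
    taints: list = field(default_factory=list)
    findings: list = field(default_factory=list)

    def wrap_request(self, params):
        """Source hook: every parameter read from the request is recorded as untrusted."""
        agent = self

        class TaintedParams(dict):
            def __getitem__(self, key):
                value = dict.__getitem__(self, key)
                agent.taints.append(value)
                return value

        return TaintedParams(params)

    def wrap_connection(self, conn):
        """Sink hook: intercept execute() on the database connection."""
        agent = self

        class InstrumentedConnection:
            def execute(self, sql, params=()):
                agent._check_sql_sink(sql)
                return conn.execute(sql, params)

        return InstrumentedConnection()

    def _check_sql_sink(self, sql):
        # Untrusted text embedded in the query string (rather than bound as a
        # parameter) is the SQL injection pattern, whether or not the test
        # used an attack payload. Substring matching stands in for the taint
        # propagation a real agent performs through string operations.
        for value in self.taints:
            if value and value in sql:
                frame = sys._getframe(2)  # the application frame that called execute()
                self.findings.append(Finding(
                    rule="SQL Injection",
                    sink="sqlite3 execute",
                    evidence=value,
                    location=f"{frame.f_code.co_filename}:{frame.f_lineno}",
                ))
                return


# Application code under test (constructed sample handlers).
def lookup_user_vulnerable(db, request):
    name = request["name"]
    # Untrusted value is interpolated into the query text: the sink sees it.
    return db.execute(f"SELECT name FROM users WHERE name = '{name}'").fetchall()


def lookup_user_safe(db, request):
    name = request["name"]
    # Untrusted value is bound as a parameter: the query text stays constant.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()


def run_functional_test(handler, name="alice"):
    """Simulates one QA test hitting a handler while the agent watches.

    Returns the rows the handler produced (what the functional test checks)
    and the agent's findings (what the security analysis adds on top)."""
    agent = Agent()
    raw = sqlite3.connect(":memory:")
    raw.executescript("CREATE TABLE users(name TEXT); INSERT INTO users VALUES ('alice');")
    db = agent.wrap_connection(raw)
    request = agent.wrap_request({"name": name})
    rows = handler(db, request)
    return rows, agent.findings


if __name__ == "__main__":
    for handler in (lookup_user_vulnerable, lookup_user_safe):
        rows, findings = run_functional_test(handler)
        print(handler.__name__, rows,
              [(f.rule, f.evidence, f.location) for f in findings])
```

The point of the example is that the functional test passes for both handlers with the benign input "alice", yet the instrumented sink reports the vulnerable handler, with the file and line that called it, because the untrusted value appears inside the query text; the parameterized handler produces no finding. No attack payload is needed for detection, which is what lets this style of analysis run alongside regular QA.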

Seeker detects security vulnerabilities in applications and enables developers to fix them early in the Software Development Life Cycle (SDLC), which reduces remediation costs and avoids late-stage delays.

Highlights

  • Immediate detection and verification of various application security vulnerabilities during automated testing.
  • Seamless integration with regular CI/CD, QA, and DevOps workflows.
  • Analysis of application compliance with the major industry security standards.
  • Software composition analysis (SCA) of third-party and open-source components for known security vulnerabilities.
  • Detailed vulnerability descriptions, actionable remediation guidance, and identified vulnerable lines of code.
  • Integrated eLearning courses that guide developers in understanding and remediating the vulnerabilities detected in their code.
  • Productivity gains from fast processing of hundreds of thousands of HTTP(S) requests and from verifying findings so that false positives are removed before they reach developers.