ShiftLeft, an application security testing platform, has received $29 million in additional funding from SYN Ventures and Blackstone Innovations Investments, which will be used to accelerate product development and expand the scope of cloud native application architectures and languages.
AppSec code security platform, ShiftLeft Core, allows enterprises to use static application security testing (SAST) and software composition analysis (SCA) to scan application code and third-party libraries for security issues and vulnerabilities.
The solution is used to identify vulnerabilities from the perspective of an attacker and prioritizes them based on those risks an attacker is most likely to compromise, while providing step-by-step guidance on how to remediate them.
ShiftLeft is a platform for security teams and developers to quickly identify application-level vulnerabilities, which allows them to have more time to write high-performance, secure application code.
Making the AppSec experience more user-friendly
The announcement comes as more organizations are struggling to protect the applications used in their environments, with research showing that 34% of applications had a severe vulnerability in 2021, a rise of 21% from 2020, and 13% of applications had one to two serious vulnerabilities.
Many organizations are utilizing application scanning solutions to identify and mitigate these difficulties before an attacker can. The problem is that most traditional SAST solutions provide little assistance to prioritize the significant amount of vulnerabilities discovered.
Most applications have larger vulnerabilities than security and development teams can reasonably manage. However, not every application vulnerability must be addressed, according to ShiftLeft''s CEO and co-founder, Manish Gupta.
Traditional SAST and SCA solutions simple produce lists of hundreds or thousands of vulnerabilities, only prioritized based on CVE criticality. ShiftLeft uses a modern approach where we look at applications as a whole, including their custom code and open-source dependencies, to discover all of the shortcomings in the code.
Gupta explained that the ShiftLeft CORE platform analyzes application data flows to identify which vulnerabilities can be exploited by the attacker. This prioritization model means that developers will not have to waste time mitigated low-risk vulnerabilities or sifting through false positive alerts.
According to Gupta, its a practice that is very effective, permettant to ShiftLeft customers to rectify 92 percent of their riskiest vulnerabilities in less than 20 days.
The AppSec market
ShiftLefts'' growth has erupted alongside the development of the wider application security market, which researchers predicted to reach a value of $6.2 billion in 2020, and will reach a value of $13.2 billion by 2025, as cyber criminals target business applications.
The provider is competing against a wide array of other application security vendors, including legacy providers like Veracode, a 9-time Gartner Magic Quadrant Leader for Application Security Testing.
Veracode has offered a platform for companies to conduct SAST, SCA, Dynamic Application Security Testing (DAST), public web application scanning, and manual penetration testing, and earlier this year announced that it had increased its revenue by 13% and has fixed over 16 million security flaws to date.
Snyk, a developer security platform, has another recent entry to the market that is competing with ShiftLeft, who has most recently raised $530 million and reached a valuation of $8.5 billion.
Snyk uses security intelligence to constantly scan, identify, and automatically identify vulnerabilities in developer code.
The main difference between ShiftLeft and these competitors is its emphasis on prioritizing vulnerabilities that attackers are most likely to exploit. This approach allows developers to focus on finding fixes for cyber criminals who are most likely to exploit.