ShiftLeft's AppSec platform targets the vulnerabilities attackers are most likely to exploit


ShiftLeft, an application security testing platform, has raised $29 million in additional investment from SYN Ventures and Blackstone Innovations Investments, which will be used to accelerate product development and expand the coverage of cloud native application architectures and languages.

ShiftLeft Core, the company's code security platform, is designed to let enterprises use static application security testing (SAST) and software composition analysis (SCA) to scan application code and third-party libraries for security weaknesses and vulnerabilities.

The solution looks for vulnerabilities from an attacker's perspective, prioritizes them by how likely an attacker is to exploit them, and provides step-by-step instructions for fixing them.

ShiftLeft lets security teams and developers quickly identify application-level vulnerabilities, so they can spend more of their time writing high-performance, secure application code.

Making the AppSec experience more user-friendly

More organizations than ever are attempting to protect the applications used within their environments, with research showing that 34% of applications had a serious vulnerability in 2021, a jump of 21% from 2020, while 13% of applications had one to two serious vulnerabilities.

Many organizations are using application scanning tools to identify and mitigate these vulnerabilities before an attacker can. The problem is that most traditional SAST solutions provide little assistance to prioritize the high volume of vulnerabilities discovered.

Most applications have more vulnerabilities than security and development teams may reasonably address. However, not every application vulnerability should be addressed, according to Manish Gupta, the CEO and cofounder of ShiftLeft.

"Traditional SAST and SCA solutions result in lists of hundreds or thousands of vulnerabilities, only prioritized based on CVE criticality. ShiftLeft uses a modern approach where we look at applications as a whole, including their custom code and open-source dependencies, to uncover all of the gaps in the code," Gupta said.

Gupta explained that the ShiftLeft Core platform analyzes application data flows to determine which vulnerabilities an attacker can actually reach and exploit. This prioritization means that developers do not have to waste time fixing low-risk vulnerabilities or sifting through false-positive alerts.
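To make the data-flow prioritization idea concrete, here is an added toy example (written for this article, not ShiftLeft's code or algorithm). It builds a constructed call graph for a small web service, marks which functions receive untrusted input, and ranks scanner findings by whether attacker-controlled data can reach the flagged sink before it looks at severity. All function names, the call graph and the findings are hypothetical; a real product works on a far richer graph, but the ordering effect is the same: the highest-scored finding, sitting in a deserializer that only an offline admin tool calls, is demoted below two reachable, lower-scored bugs.

```python
"""Added illustration of reachability-based prioritization (not ShiftLeft's code).

A scanner that reports severity alone ranks findings by CVE/CVSS score. A
reachability-aware ranking first asks: can data from an attacker-controlled
entry point flow to the vulnerable sink at all? Findings with no such path
are demoted so the team fixes reachable bugs first.
"""
from collections import deque
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed call graph for a hypothetical web service: caller -> callees.
CALL_GRAPH: Dict[str, List[str]] = {
    "handle_login": ["parse_form", "build_query", "audit_log"],
    "build_query": ["db.execute"],
    "audit_log": ["log.write"],
    "handle_health": ["db.ping"],
    # Only an offline admin tool calls the vulnerable deserializer.
    "admin_cli": ["lib.legacy_deserialize"],
}

# Functions that receive untrusted input (HTTP handlers); the CLI is not one.
ENTRY_POINTS = ["handle_login", "handle_health"]


@dataclass(frozen=True)
class Finding:
    sink: str        # vulnerable function the scanner flagged
    kind: str        # weakness class
    severity: float  # CVSS-style base score, 0-10


# Constructed scanner output: the highest score belongs to the unreachable sink.
FINDINGS = [
    Finding("db.execute", "sql-injection", 8.1),
    Finding("lib.legacy_deserialize", "insecure-deserialization", 9.8),
    Finding("log.write", "log-injection", 5.3),
]


def call_path(entry_points, call_graph, target):
    """Breadth-first search from the entry points. Returns the shortest
    entry -> ... -> target call chain, or None if the target is unreachable."""
    parent: Dict[str, Optional[str]] = {e: None for e in entry_points}
    queue = deque(entry_points)
    while queue:
        fn = queue.popleft()
        if fn == target:
            chain = []
            node: Optional[str] = fn
            while node is not None:
                chain.append(node)
                node = parent[node]
            return chain[::-1]
        for callee in call_graph.get(fn, []):
            if callee not in parent:
                parent[callee] = fn
                queue.append(callee)
    return None


def prioritize(findings, entry_points, call_graph):
    """Rank reachable findings (highest severity first) ahead of unreachable
    ones. Returns (finding, path-or-None) pairs; the path is the evidence a
    developer needs to understand the reported flow."""
    annotated = [(f, call_path(entry_points, call_graph, f.sink)) for f in findings]
    annotated.sort(key=lambda fp: (fp[1] is None, -fp[0].severity))
    return annotated


def ranked_sinks():
    """Sink names in fix order for the constructed data above."""
    return [f.sink for f, _ in prioritize(FINDINGS, ENTRY_POINTS, CALL_GRAPH)]


if __name__ == "__main__":
    for finding, path in prioritize(FINDINGS, ENTRY_POINTS, CALL_GRAPH):
        status = " -> ".join(path) if path else "no path from an entry point"
        print(f"{finding.severity:4.1f} {finding.kind:26} {status}")
```

Run as a script, it lists the SQL injection first with its `handle_login -> build_query -> db.execute` chain, the log injection second, and the 9.8-scored deserialization bug last with "no path from an entry point". The unreachable finding is not discarded, only demoted: a future code change that wires `admin_cli` to a request handler would move it to the top of the list on the next scan.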

According to Gupta, the method is extremely effective, enabling ShiftLeft customers to fix 92% of their riskiest vulnerabilities in less than 20 days.

The AppSec market

As cybercriminals target business applications, ShiftLeft's growth continues. The application security market, which researchers valued at $6.2 billion in 2020, is forecast to reach $13.2 billion by 2025.

In application security testing, ShiftLeft competes against a variety of other vendors, including legacy providers such as Veracode, a nine-time Gartner Magic Quadrant leader.

Veracode is a platform that allows enterprises to perform SAST, SCA, dynamic application security testing (DAST), and manual penetration testing. Earlier this year, the company announced that it had grown its revenue by 13% and had fixed over 16 million security flaws.

Another recent market entrant competing with ShiftLeft is Snyk, a developer security platform, which most recently raised $530 million at a valuation of $8.5 billion.

Snyk uses security intelligence to continuously scan for, identify, and automatically remediate vulnerabilities in development code.

The main difference between ShiftLeft and these competitors is its emphasis on prioritizing the vulnerabilities that attackers are most likely to exploit, so that developers can focus on fixing the risks that matter most.
