ShiftLeft, an application security testing platform, has raised $29 million in additional funding from SYN Ventures and Blackstone Innovations Investments, which will support product development and expanded coverage of cloud-native applications.
The AppSec provider's code security platform, ShiftLeft Core, allows enterprises to use static application security testing (SAST) and software composition analysis (SCA) to scan application code and third-party libraries for security issues and vulnerabilities.
The solution analyzes vulnerabilities from the perspective of an attacker, prioritizes them based on which ones an attacker is most likely to exploit, and offers a step-by-step approach to remediating them.
ShiftLeft provides a platform that allows security teams and developers to quickly identify application vulnerabilities, so they have more time to write high-performance, secure application code.
Making the AppSec experience more user-friendly
The announcement comes as more organizations are unable to secure the applications they use within their environments, with research showing that 34% of applications had a severe vulnerability in 2021, a jump of 21% from 2020, when the figure was 13% of applications.
Many organizations are turning to application scanning solutions to detect and mitigate these vulnerabilities before an attacker can. The problem is that most traditional SAST solutions offer little assistance in prioritizing the large number of vulnerabilities discovered.
Most applications have more vulnerabilities than security and development teams can reasonably address. But not every application vulnerability must be addressed, according to Manish Gupta, the CEO and cofounder of ShiftLeft.
Traditional SAST and SCA solutions simply generate lists of hundreds or thousands of vulnerabilities that are prioritized only by CVE criticality. ShiftLeft uses a modern approach to assess applications as a whole, including their custom code and open-source dependencies, to investigate all of the shortcomings in the code.
ShiftLeft's CORE platform analyzes application data flows to identify which vulnerabilities an attacker can exploit. This prioritization approach means that developers do not have to spend time mitigating low-risk vulnerabilities or sifting through false-positive alerts.
According to Gupta, it's an approach that is absolutely effective, enabling ShiftLeft customers to fix 92 percent of their riskiest problems in less than 20 days.
The AppSec market
ShiftLeft's rapid growth is a result of the expansion of the wider application security market, which researchers estimated at $6.2 billion in 2020 and predict will reach a value of $13.2 billion by 2025, as cybercriminals target business applications.
In application security testing, the provider is competing against a number of other vendors, including legacy providers like Veracode, a nine-time Gartner Magic Quadrant leader.
Veracode provides a platform for enterprises to conduct SAST, SCA, Dynamic Application Security Testing (DAST), public web application scanning, and manual penetration testing. Earlier this year, the company had increased its revenue by 13%, and it has fixed over 16 million security flaws to date.
Snyk, a developer security platform, is another new entrant to the market that is competing with ShiftLeft; it most recently raised $530 million and surpassed a valuation of $8.5 billion.
Snyk employs security intelligence to continually scan, identify, and automatically remediate vulnerabilities in developer code.
The main difference between ShiftLeft and these competitors is its emphasis on prioritizing the vulnerabilities attackers are most likely to exploit. This approach means that developers can focus on finding fixes for the vulnerabilities that cybercriminals could potentially exploit.