DerScanner

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Alternatives Pricing

What is CAST Highlight?

CAST, headquartered in New York, offers Highlight, an application portfolio management solution providing software component analysis, application security, application benchmarking, and technical due diligence.

What is InsightAppSec?

Rapid7 offers InsightAppSec, a dynamic application security testing (DAST) solution that automatically assesses modern web apps and APIs with (according to the vendor) fewer false positives and missed vulnerabilities.

Product Details

What is DerScanner?

DerScanner is an application security tool used to identify vulnerabilities and backdoors using various analysis methods (SAST, DAST, SCA) and to integrate with other tools for embedding in the SSDLC. DerScanner supports static analysis that can check apps written in 36 programming languages.

The DerScanner SAST module can perform static analysis not only of the source code, but also of executable files (binary code). In addition to the static analysis module, DerScanner includes a dynamic analysis module that can analyze web applications for vulnerabilities by simulating malicious external attacks and exploiting common vulnerabilities.

The DerScanner solution also correlates static and dynamic analysis results, so that vulnerabilities found using the static method can be dynamically validated. This correlation of the results obtained during SAST and DAST analysis is one of the key advantages of using the solution. The DerScanner SCA module can also be used to analyze the software composition for security vulnerabilities, get recommendations for replacement, and search for outdated components.

DerScanner Features

  • Supported: DerScanner can analyze source code written in 36 programming languages, including relatively common Java, Scala, PHP, C#, Swift, Ruby, etc., special-purpose ABAP, Solidity, PL/SQL, etc., and even obsolete Delphi, COBOL and Visual Basic 6.0.
  • Supported: The results of the static and dynamic analysis can be compared, and the vulnerabilities that were found with SAST can be validated by DAST analysis. As a result, the user can get the final list of the verified vulnerabilities and undocumented features.
  • Supported: 10+ analysis methods, including lexical, syntax, semantic, taint, constant propagation, type propagation, synonym and control flow graph analysis.
  • Supported: DerScanner employs a Fuzzy Logic Engine, which is based on DerSecur’s technological know-how and uses fuzzy set and fuzzy logic mathematical tools in order to minimize the number of both false positives and false negatives (vulnerabilities or undocumented features).
  • Supported: To enable Secure SDLC, DerScanner can be integrated with the Git and Subversion development repositories, VCS hosting services, the SonarQube platform for continuous inspection of code quality, and CI/CD servers, offering quick analysis for both source and binary code. The solution can also be integrated with the Atlassian Jira issue tracking system, which monitors the process of eliminating vulnerabilities and undocumented features. Support for Microsoft Active Directory streamlines control over access to DerScanner in cases where multiple developers are present. For interoperability with other systems and services, the analyzer offers an open API.
  • Supported: Binary code decompilation and deobfuscation technologies enable DerScanner to analyze executables, including those for Google Android, Apple iOS, and Apple macOS. To check a mobile app, a user just needs to copy a relevant Google Play or App Store link to the analyzer in order to see analysis findings based on the reconstructed source code.
  • Supported: The binary code deobfuscation and decompilation functionality of DerScanner enables the detection of vulnerabilities and undocumented features in legacy and custom apps, including those interacting with third-party components used to reduce development time (such as freeware, pre-written code from the Internet, modules, and libraries).
  • Supported: The DerScanner SCA module can analyze the software composition for security vulnerabilities, get recommendations for replacement, and search for outdated components.

DerScanner Technical Details

  • Deployment Types: On-premise, Software as a Service (SaaS), Cloud, or Web-Based
  • Operating Systems: Linux, OS Astra SE 1.7.3+, Ubuntu 22.04, Ubuntu 20.04, CentOS 7, Red Hat Enterprise Linux 8, RedOS 7
  • Mobile Application: No

Reviews

Sorry, no reviews are available for this product yet
