Scanners
AquilaX Ultimate is a comprehensive software security scanner, designed to detect a wide range of security vulnerabilities in the source code of any application.
Secret
Identification of passwords, API keys and other highly confidential information in the source code
PII
Identification of PII (Personally Identifiable Information) that may be leaked into source code
SAST
Static Application Security Testing: security scanning for vulnerabilities introduced unintentionally by developers while writing source code. This is also often referred to as code scanning or 1st-party code scanning
SCA
Software Composition Analysis is a technique for identifying the use of 3rd-party components (usually open-source libraries) that may contain known vulnerabilities
Container
Container scanning is a technique that, even though it is included in SCA, is usually linked to the identification of vulnerable software rather than vulnerable libraries. It is used during image creation
IaC
Infrastructure as Code scanning identifies security misconfigurations in the infrastructure as defined by Terraform or CloudFormation config files
API
API scanning is the process of identifying potential security issues based on the definition of the API in its OpenAPI specification
Malware
Malware scanning of source code (in AquilaX's case) is the capability to identify intentionally malicious code, such as backdoors, trojan horses, viruses, etc., that may be injected into the application source code
AquilaX employs advanced algorithms to scan codebases for hardcoded secrets and API keys. This includes credentials such as passwords, tokens, and sensitive API keys which, if exposed, could lead to security breaches. By identifying these vulnerabilities, AquilaX helps developers secure their applications against unauthorized access.
Personally Identifiable Information (PII) detection is crucial for compliance with data protection regulations like GDPR and CCPA. AquilaX utilizes pattern matching and machine learning algorithms to detect PII and other confidential data within source code and repositories. This includes sensitive information like social security numbers, credit card details, and personal addresses, helping organizations maintain data privacy and integrity.
SAST is a critical component of secure software development. AquilaX performs static code analysis to identify vulnerabilities, security flaws, and coding errors in applications at an early stage of the development lifecycle. By scanning the source code, AquilaX can detect common security issues such as SQL injection, cross-site scripting (XSS), and buffer overflows, enabling developers to remediate these issues before deployment.
AquilaX conducts dependency checking to identify vulnerable components and libraries within the software stack. By analyzing third-party dependencies and their associated vulnerabilities, AquilaX helps organizations mitigate risks related to outdated or insecure software components, ensuring the integrity and security of the application's dependencies.
Containerization has become increasingly popular for deploying and managing applications. AquilaX provides container scanning capabilities to assess the security posture of Docker images and containerized environments. By scanning containers for vulnerabilities, misconfigurations, and compliance issues, AquilaX helps organizations maintain the security of their containerized deployments.
With the rise of Infrastructure as Code (IaC) practices, security vulnerabilities in infrastructure configurations can have significant consequences. AquilaX offers IaC scanning capabilities to analyze configuration files (e.g., Terraform, CloudFormation) and detect misconfigurations, security loopholes, and compliance violations. This ensures that infrastructure deployments adhere to security best practices and compliance standards.
APIs play a critical role in modern application architectures, but they also introduce security risks if not properly secured. AquilaX specializes in API security testing, identifying vulnerabilities such as insecure authentication mechanisms, excessive data exposure, and insufficient access controls. By assessing the security of APIs, AquilaX helps organizations safeguard their digital assets and prevent API-related security breaches.
Backdoors represent hidden entry points into a system, often introduced maliciously or inadvertently during development. AquilaX utilizes advanced techniques to uncover backdoor functionalities within source code and binaries. By identifying and mitigating backdoors, AquilaX helps organizations prevent unauthorized access and maintain the integrity of their applications.
AquilaX acknowledges the significant contributions of other teams in the field by integrating third-party scanners directly into its engine. This approach ensures that customers benefit from a seamless and user-friendly application security (AppSec) scanning experience. In addition to our in-house developed engines, here is a list of the scanners we utilize:
AquilaX
Checkov
GitLeaks
Bandit
Pyre
CatchIT
GoSec
Horusec
insider
Syft
Gypre