Greetings from Test Automation Forum (TAF)! Welcome to our Showcase session!
In our 14th session, we showcased a futuristic Developer Security platform for cloud-native apps called Deepfactor (www.deepfactor.io) that enables you to discover, prioritize, and remediate application security risks early in the development and testing lifecycle as part of your organization’s Shift-Left (Shift-start) strategy.
Deepfactor allows engineering teams to quickly discover and resolve security issues, supply chain risks, and compliance violations during development, without even having access to the software source code (magic, right?).
Deepfactor’s scanning software includes seamless cloud-native deployment, with developers able to drop Deepfactor directly into the container or Kubernetes cluster. By integrating Deepfactor into your process, you can drive the adoption of DevSecOps, integrating AppSec into the CI/CD pipeline to reduce noisy alerts and prioritize risks in first- and third-party code that can’t be found with static code scanning.
Some of the key features of Deepfactor:
- Deepfactor Developer Security Insights: Deepfactor automatically discovers and prioritizes application risks across application code, dependencies, container images, and web interfaces to help developers ship secure code faster.
- Pinpoint Application Risks: Deepfactor identifies insecure application code, behaviour and dependency risks related to secrets, privilege escalation, remote code execution, and more to provide developers unique application-aware insights.
- Secure the Supply Chain: Deepfactor scans applications to ensure that all artefacts, dependencies, and OS packages are secure, while providing detailed usage information for developers to prioritize resolution.
- Detect OWASP Top 10: Deepfactor automatically scans known web interfaces and APIs, while also observing hidden URIs during QA testing to detect OWASP Top 10 critical security risks.
- Understand Compliance Risk: Deepfactor maps application security risks to various compliance controls to help engineering teams identify the insecure code that violates relevant compliance standards (PCI DSS, SOC 2 Type 2, NIST).
- Dynamic Bill of Materials: Deepfactor analyzes licensing, file usage, code interactions, and network behavior in addition to dependencies, OS packages, and components.

You can watch the recorded session here (duration: ~50 mins)
It was an absolute pleasure to have Kiran Kamity, Founder & CEO, and Dinesh Mistry, VP of Sales and Customer Excellence at Deepfactor, to discuss Deepfactor. We talked about their team’s journey so far, how the platform is helping their global customers to develop secure enterprise apps and, most importantly, we had a great product walkthrough of the platform. I also wanted to thank Virginia Lux for the efforts around coordinating this session.
Dear followers, I hope you find this session informative and insightful. I will be more than happy to help if you have any questions or suggestions.
See you in our next session.
Disclaimer: The Test Automation Forum (TAF) doesn’t accept any payments/monetary favors or any other similar benefits to write an article or present a review video in order to promote any commercial software products. The intention is to expand the awareness around the testing Platforms/Products in the Software Testing/QA world.