What is ShiftLeft

ShiftLeft is a cloud-based security service that helps protect your applications by creating a comprehensive security profile and enforcing that profile at runtime using a lightweight agent.

ShiftLeft Security Service

Code Analysis

ShiftLeft code analysis involves a series of operations resulting in a detailed security profile (SP) of the application. Code analysis is initiated by uploading an app to the service using the ShiftLeft CLI or Plugin.

The security profile is presented at the ShiftLeft Dashboard for analysis and alerting, and downloaded by the ShiftLeft Microagent for runtime monitoring and protection (SPR).

ShiftLeft Code Analysis

Security DNA

The Security DNA of an application is derived from code analysis and runtime metrics, informed by policy. The Security DNA of an app is the visual presentation of the security profile at the dashboard.

Static code analysis detects data flows and variable names. Runtime monitoring provides metrics such as throughput and number of method invocations. Policy leverages both to identify whitelisted methods, I/O endpoints, security violations in the code, and runtime incidents.

ShiftLeft Security DNA

Runtime Monitoring

ShiftLeft provides a microagent-based architecture for runtime monitoring and metrics, giving you real-time visibility into, and policy-based control over, the runtime security of your app.

The ShiftLeft Microagent collects and reports data to the ShiftLeft service as the app runs, including both method execution and flow (succession of method calls), as well as throughput metrics in the form of calls per minute.

Getting Started

To quickly explore ShiftLeft, we provide the sample app HelloShiftLeft. When you create an account with ShiftLeft you can choose your experience using this sample app.


  • ~10 minutes: Preload HelloShiftLeft and use the dashboard to view the results of static code analysis and the security profile.
  • ~30 minutes: Explore ShiftLeft end-to-end. Upload HelloShiftLeft using the CLI and view the results in the dashboard. Install the microagent and monitor the app at runtime.


HelloShiftLeft is a Spring-based Java web app with HTTP handlers that a user can trigger from outside. These handlers provide the ability to create new objects, save them to a database, and retrieve them.

HelloShiftLeft exposes three top-level endpoints: /customers, /account, and /patients.

HelloShiftLeft Sample App

HelloShiftLeft transports data across various interfaces and channels, including HTTP/TCP, DB, and S3, and makes use of various secrets, including credentials for AWS, MySQL, and Salesforce. In addition, HelloShiftLeft processes sensitive information, including:

  • Customer data: PII such as DOB, SSN, TIN, phone, address
  • Account data: Financial records, such as routing number, account number, balance
  • Health data: PHI such as patient ID, name, vitals, height, weight, DOB

Requests can be sent to HelloShiftLeft by any client application. For example:

See the Reference section for other types of requests you can make to the HelloShiftLeft API.

What's Next

Check out the Resources section of our website for FAQs, whitepapers, and datasheets, or try one of our hands-on tutorials.

