Sparrow offers the application security ecosystem that includes Sparrow SAST/SAQT, intelligent static application security, and quality testing tool, Sparrow DAST, a powerful dynamic application security testing tool with TrueScan (IAST module), Sparrow RASP, a web application self-protection tool, and Sparrow InteractiveHUB, a web application interaction and management platform. These solutions are designed to help companies to implement DevSecOps, enabling them to continuously monitor the security of their applications and development throughout their SDLC.
TECHNOLOGY FEATURES & SPECIFICATIONS
Sparrow SAST/SAQT is a semantic based-static code analysis tool that detects critical software vulnerabilities at the early stages of software development with machine learning capability.
Sparrow’s static analysis solution obtained many certifications including CC, CWE, ISO26262, etc. The solution also supports various international compliance standards and guides including OWASP, CERT C/C++, MISRC C/C++, etc.
Sparrow SAST/SAQT received 94.8 ratings from OWASP benchmark testing and was also included in the Gartner Magic Quadrant for Application Security Testing 2017.
Sparrow DAST is a powerful dynamic application security testing tool that can analyze web applications in their running state during testing and operational phases. Sparrow DAST is equipped with the market’s most advanced technologies including event replay and IAST capability to enable it to detect security vulnerabilities beyond what conventional DAST tools could not detect.
Sparrow RASP is a runtime application self-protection solution that protects web applications against application-layer attacks in real-time. Sparrow RASP can track all external request parameter data and DB query result data and the processing of collected external data within WAS that can record issues and block requests if threats or vulnerabilities are detected while tracing.
Sparrow solutions can help companies, the financial sector, or government agencies to eliminate security and quality issues from their applications during SDLC.
1) Sparrow's static analysis solution, SAST/SAQT can help customers in the coding or building stage of SDLC to eliminate issues from the source code.
2) Sparrow's dynamic analysis solution, DAST, can identify and help to remove security issues from web application during the testing stage.
3) Sparrow's runtime application protection solution, RASP, can offer real-time protection of running application during the operation stage.
1) With Sparrow SAST/SAQT, customers can test both security vulnerabilities and quality issues at once.
2) Sparrow offers comprehensive application security solutions that can be used throughout the SDLC.
3) With Sparrow's solution, customers can comply with various global standards including, CWE, CERT C/C++, OWASP, etc.
4) Sparrow solution is available in both on-premise and cloud SaaS version to meet the customer's needs and environments.