Reachability in SCA/SAST (Part 2)

Amit Bismut

December 4, 2023

The problem - only going halfway

In the previous blog post, we discussed the importance of analyzing vulnerabilities within the context of the application, so as to cut the noise from vulnerabilities in packages (direct and transitive) that the application never actually uses. That step narrows the list considerably, but it is not a complete solution. We need to think less like developers and more like attackers: the fact that your application consumes a vulnerable package does not mean an attacker can exploit it. The vulnerable function has to be called by your code, and that call has to sit on a path that an attacker can trigger.

Reachability - showing that application code reaches the vulnerable code

Full application attack path 

When examining the problem from an attacker's perspective, it is not enough to ask whether the application code uses the package. We also have to ask whether the vulnerable code is externally reachable, that is, whether a path exists from something exposed to the internet or the local network (an HTTP route, a message consumer, an RPC handler) down to the vulnerable function. A vulnerable call that only runs in an offline maintenance job is a very different risk from one that sits behind a request handler.

External Reachability - vulnerable code can be reached from the network
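To make the distinction concrete, here is a toy static reachability check, written for this post as an added example (it is not Backslash's engine and does not show how Backslash implements its analysis). It parses a constructed Flask-style module with Python's `ast` module, builds a call graph between the module's own functions, treats any `@app.route(...)`-decorated function as a network entry point, and then classifies a given sink as externally reachable, reachable only from non-entry code, or unused. The sample application, the choice of `yaml.load` as the vulnerable sink, and the function names are all assumptions made for the example.

```python
"""Toy static reachability check for a Python web app (added example).

Distinguishes three cases for a vulnerable sink:
  external - a network entry point (@app.route) reaches the sink
  internal - only non-entry code (e.g. a cron job) calls the sink
  unused   - nothing in the module calls the sink at all
"""
import ast
from collections import deque

# Constructed sample application (not real code from the post).
# `yaml.load` with no explicit Loader is the assumed vulnerable sink here;
# in practice the sink name would come from the SCA advisory.
SAMPLE_APP = '''
import yaml
from flask import Flask, request

app = Flask(__name__)

def parse_config(text):
    return yaml.load(text)

def render_greeting(name):
    return "hello " + name

def nightly_cleanup():
    # only invoked by a cron job, never by a request
    return yaml.load(open("/etc/app/local.yml").read())

@app.route("/upload", methods=["POST"])
def upload():
    return parse_config(request.data)

@app.route("/hi")
def hi():
    return render_greeting(request.args.get("name", ""))
'''


def dotted_name(node):
    """Return 'a.b.c' for Name/Attribute chains, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted_name(node.value)
        return f"{base}.{node.attr}" if base else None
    return None


def is_entry_point(func):
    """Treat any @<obj>.route(...) decorator as a network-facing entry point."""
    for dec in func.decorator_list:
        target = dec.func if isinstance(dec, ast.Call) else dec
        name = dotted_name(target)
        if name and name.endswith(".route"):
            return True
    return False


def build_call_graph(source):
    """Map each module-level function to the dotted names it calls."""
    tree = ast.parse(source)
    funcs = {n.name: n for n in tree.body if isinstance(n, ast.FunctionDef)}
    graph = {}
    for name, node in funcs.items():
        callees = set()
        for stmt in node.body:          # body only, so decorators are not callees
            for sub in ast.walk(stmt):
                if isinstance(sub, ast.Call):
                    callee = dotted_name(sub.func)
                    if callee:
                        callees.add(callee)
        graph[name] = callees
    entries = [name for name, node in funcs.items() if is_entry_point(node)]
    return graph, entries


def find_paths(graph, entries, sink):
    """BFS from every entry point; return {entry: [entry, ..., sink]} for hits."""
    paths = {}
    for entry in entries:
        queue = deque([[entry]])
        seen = {entry}
        while queue:
            path = queue.popleft()
            for callee in graph.get(path[-1], ()):
                if callee == sink:
                    paths[entry] = path + [sink]
                    queue.clear()       # one path per entry point is enough
                    break
                if callee in graph and callee not in seen:
                    seen.add(callee)
                    queue.append(path + [callee])
    return paths


def classify(source, sink):
    """Return ('external', {entry: path}), ('internal', [callers]) or ('unused', [])."""
    graph, entries = build_call_graph(source)
    paths = find_paths(graph, entries, sink)
    if paths:
        return "external", paths
    callers = [f for f, callees in graph.items() if sink in callees]
    return ("internal" if callers else "unused"), callers


if __name__ == "__main__":
    print(classify(SAMPLE_APP, "yaml.load"))
```

Run as-is, the check reports `yaml.load` as externally reachable via `upload -> parse_config -> yaml.load`, while ignoring the identical call in `nightly_cleanup`, which no route can trigger. Real tools have to do much more than this toy does: resolve calls across modules and packages, handle dynamic dispatch and framework-registered handlers, and follow data as well as control flow. The point it illustrates is the one above: "the package is installed" and "the package is called" are weaker signals than "a request can reach the vulnerable call".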

The Backslash approach

Backslash analyzes the code statically, without agents or any form of instrumentation, to identify complete attack paths and externally reachable vulnerabilities, and prioritizes findings accordingly.

Do we need a CSPM tool?

Yes. Backslash does not analyze your runtime or your infrastructure. We focus on finding application vulnerabilities with external reachability and attack paths that originate in your code. This lets you shift left and address these vulnerabilities before your code becomes a running application.

Try Backslash

Backslash customers detect issues attackers can actually exploit, enabling them to discover and resolve these issues before the application runs. Curious about the actual number of attack paths in your application? Find out now