Back to Feed

Backslash Unveils Extensive Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

Backslash Team

-

June 6, 2024

Backslash is leading the charge to replace outdated legacy SAST and SCA tools, with a new flexible policy engine, multi-team support, CI/CD integration, workflow automation, extended language support and more 

TEL AVIV, Israel, June 6, 2024 -- Backslash Security, a modern application security solution that leverages deep reachability analysis for enterprise AppSec and product security teams, today unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises. 

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building confidence with our developers to trust that the risks we flag are real, and worth their effort to investigate and fix,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis enables us to achieve both, and with the platform’s expanded capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.” 

Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include: 

Extended support for large enterprise use cases: 

  • Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases. 
  • Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third party libraries and dependencies. 
  • Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization. 

Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.

CI/CD integrations for DevSecOps support: Integrations with Gitlab Pipelines, Github Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.

Reachability analysis enhancements:

  • Phantom packages are packages not defined or controlled by the app developer but introduced by a transitive one, escaping the developer's control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
  • Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
  • New UI features bolster reachability evidence by showing code references for each reachable path.

"Backslash enables enterprises to prioritize truly critical code risks and facilitate trust among the many teams and stakeholders within the software development lifecycle," said Yossi Pik, co-founder and CTO of Backslash Security. "These latest enhancements automate key AppSec tasks, ensure issues are handled according to the correct priorities, and integrate smoothly into organizational workflows, all while strengthening our reachability analysis to provide enterprise security teams with incomparable results."

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

About Backslash
Backslash's fusion of SAST and SCA empowers enterprise AppSec teams to focus on fixing only the reachable, exploitable code vulnerabilities. By identifying authentic attack paths pointed at reachable code, Backslash empowers security teams to focus on rectifying only the code and open-source software (OSS) components that are actively in use and accessible to potential attackers. Thanks to this precision, Backslash enables teams to fix only the vulnerable code and OSS that indeed needs addressing – the reachable, exploitable components.

Backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, Backslash has been deployed across leading technology organizations and Fortune 100 companies. Learn more at https://www.backslash.security/.