synopsys.com
Seeker
Interactive Application Security Testing
Easy-to-use enterprise-scale IAST that accurately identifies and verifies vulnerabilities
Overview
Seeker®, our interactive application security testing (IAST) solution, gives you
unparalleled visibility into your web app security posture and identifies vulnerability
trends against compliance standards (e.g., OWASP Top 10, PCI DSS, GDPR, CAPEC,
and CWE/SANS Top 25). Seeker enables security teams to identify and track sensitive
data to ensure that it is handled securely and not stored in log files or databases with
weak or no encryption. Seeker’s seamless integration into DevOps CI/CD workflows
enables continuous application security testing and verification.
Unlike other IAST solutions, which only identify security vulnerabilities, Seeker can also
determine whether a security vulnerability (e.g., XSS or SQL injection) can be exploited,
thus providing developers with a risk-prioritized list of verified vulnerabilities to fix in
their code immediately. Using patented methods, Seeker quickly processes hundreds
of thousands of HTTP(S) requests, identifies vulnerabilities, and reduces false
positives to near zero. This enables security teams to focus on actual verified security
vulnerabilities first, greatly improving productivity and reducing business risk. It’s like
having a team of automated pen testers assessing your web applications 24/7.
Seeker applies code instrumentation techniques (agents) inside running applications
and can scale to address large enterprise security requirements. It provides accurate
results out of the box and doesn’t require extensive, lengthy configuration. With Seeker,
your developers don’t have to be security experts, because Seeker provides detailed
vulnerability descriptions, actionable remediation advice, and stack trace information,
and it identifies vulnerable lines of code.
Seeker continuously monitors any type of testing applied to web apps and seamlessly
integrates with automated CI build servers and test tools. Seeker leverages these
tests (e.g., manual QA of login pages or automated functional tests) to automatically
generate multiple security tests.
Seeker also includes Black Duck® Binary Analysis, our software composition analysis
(SCA) solution, which identifies third-party and open source components, known
vulnerabilities, license types, and other potential risk issues. Seeker and Black Duck
analysis results are presented in a unified view and can be sent automatically to
bug-tracking and collaboration systems of choice, so developers can triage them as part of
their normal workflow.
Seeker is ideal for microservices-based app development as it can bind together
multiple microservices from a single app for assessment.
Seeker analyzes the flow of data between microservices so that the system is assessed as a
whole, not just as a set of unrelated applications. Data flows are tracked over HTTP(S),
gRPC, shared databases, and more.
Comprehensive dashboard view of top security vulnerabilities from application to
components and APIs involved.
Instant visualization with detailed test coverage and data flow tracking. It displays the
architecture of the system under test, including data flowing into the app from various
sources, data flowing between different components of the system, and outgoing calls to
third-party APIs and web services.