Threat Mapper – An Open Source AppSec Vuln Scan Tool
Share this:
Deepfence announced its making available a ThreatMapper tool that employs lightweight sensors that automatically scan, map and rank application vulnerabilities across serverless, Kubernetes, container and multi-cloud environments available as open source software.
Threat Mapper analyzes feeds from more than 50 different sources to provide security teams with a lower cost tool that makes it simpler to identify threats and vulnerabilities after an application has been deployed. It also rank those vulnerabilities by risk level to provide guidance on which threats security teams should prioritize.
Applications would be secure before they are deployed in a production environment. Organizations are increasingly adopting DevSecOps best practices in the hope that the number of vulnerabilities that make it into a production environment can be minimized.
The challenge is that applications, once deployed, are now being continuously updated. Each update introduces another potential opportunity for a vulnerability to be inadvertently introduced. Cybersecurity teams that are already stretched thin simply can’t keep pace with the current rate at which applications are being built, deployed and updated.
ThreatMapper helps even those odds by providing cybersecurity teams with a set of lightweight scanning tools that can be easily deployed, said Lahane. Deepfence also provides a commercial offering based on ThreatMapper, dubbed ThreatStryker, to provide deep packet inspection (DPI) capabilities in real-time.
It has become increasingly clear that security is a team sport. In addition to IT operations teams, developers are now more involved in application security than ever. Naturally, there’s still a long way to go before most developers acquire the level of cybersecurity expertise needed to ensure applications are less vulnerable. However, as long as applications are developed by a human being, there will always be mistakes.
