The Most Accurate Code Analysis

Go Beyond SAST

Legacy code analysis tools use signatures or rules to find technical vulnerabilities such as SQL injection (SQLi) and cross-site scripting (XSS), because the conditions that cause these vulnerabilities are common to any code base. Ocular helps find business logic and technical vulnerabilities unique to your application by enabling the analyst to write their own custom queries.

Powerful Query Language for Total Customization

Ocular enables you to query your applications' Code Property Graphs. Ocular is a Scala-based read-eval-print loop (REPL) tool for traversing the graph. For example, Ocular enables you to query for all the sources and sinks of a critical data variable. It can list every transform on each route, so you can confirm that the data is always handled properly and never leaks to a logger.


Find Business Logic Flaws

Business logic flaws are application and business domain specific vulnerabilities that result from faulty application logic.

Hard-Coded Secrets

Ocular helps identify usernames, passwords, tokens and other secrets that have been hard-coded into source code.

Authentication Issues

Ocular enables code auditors to build custom queries that ensure authentication is consistent and appropriately applied across the application. Ocular helps identify flaws such as authentication bypass, insufficient process validation, insecure direct object reference and more.

Data Leakage

Ocular understands every route along which information flows through an application. This enables code auditors to query all sources, all sinks and all transformations to confirm that critical data is always handled properly. Furthermore, Ocular's understanding of routes covers custom code, open source libraries, SDKs, APIs and microservices.
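The source/sink/transform query described in the query-language section above and in this Data Leakage section, as an added example that is not ShiftLeft's code: it is written in the open-source Joern query syntax, which is assumed here to match Ocular's REPL, and the handler names, logger method names and the mask() helper are assumptions about a hypothetical Java web application.

```scala
// Added example: a source-to-sink data-flow query over a Code Property Graph,
// in Joern's open-source query syntax (assumed to match Ocular's REPL).
// Method and logger names are assumptions about a hypothetical Java web app,
// not identifiers taken from the page.

// Sources: every parameter of HTTP request-handler methods. Assumes
// servlet-style handlers named doGet/doPost.
def source = cpg.method.name("doGet|doPost").parameter

// Sinks: every argument passed to a logging call. Assumes SLF4J/Log4j-style
// logger method names.
def sink = cpg.call.name("trace|debug|info|warn|error").argument

// Every data-flow path from a source to a sink, as a list of Path objects.
// Each path's elements are the nodes the value passes through on its route,
// which is what the auditor reviews to see which transforms were applied.
val flows = sink.reachableByFlows(source).l

// Keep only the flows that never pass through the assumed masking helper
// mask(...). What remains are the candidate PII-to-log leaks; flows that do
// pass through mask(...) are treated as handled properly.
val unmasked = flows.filterNot(_.elements.exists(_.code.contains("mask(")))

// Report each remaining route as a readable chain of code snippets.
println(s"${unmasked.size} flow(s) reach a logger without passing through mask()")
unmasked.foreach { flow =>
  println(flow.elements.map(_.code).mkString(" -> "))
}
```

Saved as a policy, the same query can run on every pull request so a route that bypasses masking is flagged before it is merged.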

Insider Threats

Ocular enables code auditors to leverage their knowledge of business logic to quickly identify symptoms of insider threats such as rootkits, backdoors and logic bombs.

Automated Regression Testing in CI/CD

Ocular queries can be saved as policies that are automatically inserted into the SDLC via pull requests or the build tool. This ensures that developers get immediate feedback on vulnerabilities and that, once identified, vulnerabilities are not re-introduced.

Be Productive Instantly

Ocular ships with out-of-the-box query templates to find business logic flaws, technical vulnerabilities, and sensitive data leaks. These templates require minimal customization to detect backdoors, time bombs, malicious code, privilege escalations, authorization bypasses, rootkits, insider attacks and numerous other flaws in your application.

Script name: use case

  • Authorization bypass: detect flows where authorization does not happen after authentication
  • Cookie poisoning: identify whether HTTP cookies are modified, maliciously or inadvertently, by attacker-controlled values or by the program logic itself
  • Insecure Direct Object Reference (IDOR): identify locations in the application where attacker-controlled objects are used in critical operations, such as database operations, without any checks

  • GDPR compliance: run all tests that detect whether your code is GDPR-compliant from a data-leak perspective, and generate a report
  • Access token/secret leaks: detect hard-coded secrets such as AWS keys and passwords
  • PII leaks to emails: detect personally identifiable information (PII) leaking to emails
  • PII leaks to logs: detect PII leaking to system and user logs
  • PII leaks to disk/files: detect PII leaking to disk or files
  • Weak crypto detection: detect usage of weak cryptographic libraries in the application

  • Generic attack surface detection: identify application entry points that can be compromised
  • Attack surface detection for Burp: identify application entry points in a Burp-compatible format

  • Malicious string literals: identify string literals, and their locations in code, that may contain malicious patterns (encoded or not)
  • Kernel panic code: identify code, and its location in the codebase, that may cause a kernel panic
  • Malicious permission manipulation: identify code, and its location in the codebase, that changes system permissions
  • Malicious system command execution: identify code, and its location in the codebase, that can cause malicious code to execute
  • Malicious file manipulation code: identify code, and its location in the codebase, that can manipulate files maliciously
  • Malicious disk manipulation code: identify code, and its location in the codebase, that manipulates disks on the system

  • Compiler abuse: detect whether dynamic code is loaded or compiled
  • Time bomb/logic bomb: detect logic or time bombs triggered at scheduled intervals that can disrupt operations
  • DDoS attack path: detect paths in the application that are exposed to Denial of Service attacks
  • Detect encoded malicious code modules: rootkits planted by malicious or disgruntled employees that can be triggered or scheduled to execute
  • Secret input detection: detect backdoors planted by engineers to bypass compliance and auditing
  • Detect reflection abuse (for RCE): ability to execute arbitrary commands that can be compiled or executed from attacker-controlled input
  • Detect SSRF symptoms (Capital One use case): detect Server-Side Request Forgery conditions
  • Detect security misconfiguration: hard-coded database URIs and similar values in code

  • Identify class hierarchy: investigate relationships between derived classes to understand application behavior
  • Enumerate modifiers in Java: verify whether the access modifiers of class members follow secure coding practices
  • Identify call chains: identify call chains in the software: where the data is coming from, and whether the software can be controlled

Demonstrate Compliance

Ocular includes templates that help you comply with regulations such as FISMA, PCI-DSS, GDPR, CCPA, MISRA and many others.

Analyze the Entire Application

Custom code is often less than 20% of an application: modern applications are increasingly reliant on external code for non-differentiating features. Simply matching the version strings of dependencies against CVE lists is not sufficient, since it does not take into account how the dependency is actually used and whether the CVE is reachable. Ocular works across the entire application stack, including custom code, frameworks, open source, third-party dependencies, and APIs.

Easily Integrate into Your Existing Workflows

Ocular integrates with all major code repositories and CI systems and can run queries on your application as part of the development cycle. Security teams can define organization-wide policies, and these can be automatically enforced for every single product update. Ocular also helps with regression testing, ensuring that old vulnerabilities are not re-introduced.

Language Support

Ocular currently supports applications written in Java, JavaScript, Java Server Pages (JSP), Scala, C#, C, C++, LLVM and Go. Python and Swift support is coming soon.

Key Integrations

Ocular integrates with leading CI tools, code repositories and trouble-ticketing tools.

Free for an Unlimited Number of Apps & Frameworks

ShiftLeft Inspect is free for up to 200,000 lines of code and 300 scans per year.