A Google Maps-Like Approach to Code Exploration

Ocular leverages the Code Property Graph (CPG) to map how information flows from sources to sinks and through every data transform in between. Much as Google Maps represents your current location, the routes available and the possible destinations, Ocular gives code auditors and reviewers a platform to construct and tune powerful, highly customized queries for interactive interrogation of their own code bases and environments. Auditors can apply their knowledge of the code and its business logic to pinpoint harder, more complex vulnerabilities, such as those that depend on a series of conditions spread across the components that make up the current build of the application. Ocular custom queries can also be repurposed and automated as "policies" for managing security profiles.

A comprehensive REPL to explore far deeper than grep

Ocular provides a customizable Read-Eval-Print Loop (REPL) for interrogating code iteratively. Analysts with more sophisticated code exploration needs can use the full CPG to write highly specific, targeted queries that sidestep common sources of false positives: for example, recognizing custom sanitizers present in the code, confirming where user input is properly secured, and surfacing indirect data flows, where user input reaches a sink only through intermediate variables or calls rather than being passed to it directly.
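The kind of source-to-sink query the paragraph above describes, written as an added example in the Joern query DSL (Joern is the open source predecessor of Ocular named later on this page). This is not code from the Ocular product or its documentation; the exact Ocular syntax may differ, so every step name should be checked against the installed version. The source, sink and sanitizer names (getParameter, exec, sanitizeCommand) are assumptions chosen to illustrate a Java web application and should be replaced with the ones in your own code base.

```scala
// Added example, Joern-style CPG query (assumption: Ocular's DSL matches Joern's
// for these steps). Intended to be pasted into the REPL after loading a Java project.

// Source: every call to getParameter, i.e. values the HTTP client controls.
def source = cpg.call.name("getParameter")

// Sink: arguments of exec (hypothetical command-execution sink for this example).
def sink = cpg.call.name("exec").argument

// All flows from source to sink. This includes indirect flows, where the request
// parameter passes through local variables, string concatenation or helper methods
// before it reaches exec, which a textual grep for "getParameter" near "exec" misses.
def allFlows = sink.reachableByFlows(source)

// Drop flows that pass through the project's own sanitizer. "sanitizeCommand" is an
// assumed name standing in for whatever custom sanitizer the code actually uses;
// flows that do go through it are the false positives a generic scanner would report.
def unsanitizedFlows = allFlows.passesNot(cpg.method.name("sanitizeCommand"))

// Print the remaining flows, one path (source, intermediate steps, sink) per result.
unsanitizedFlows.p
```

Each printed path lists the intermediate nodes between source and sink, which is what lets a reviewer confirm whether a flow is really unsanitized or merely routed through a sanitizer the query did not name; in the latter case the sanitizer is added to the passesNot filter and the query is rerun.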

Detect backdoors, sabotage or just plain innocent mistakes

Ocular custom queries can help you discover a number of conditions that legacy solutions simply cannot, such as:

  • Embedded shell commands
  • Hidden commands, parameters and options
  • Logic mistakes in how currency is handled, such as penny shaving, risk limits and credit card detail management
  • Error or exception handling mistakes that expose systems to the risk of exploitation

Leverage pre-annotated policy libraries

Ocular comes pre-loaded with annotations for common open source libraries and frameworks. Possible attacker-controlled data sources and interesting sinks are tagged in the graph automatically, and flow descriptions exist to scan for common vulnerability patterns. Ocular users can provide additional annotations to extend supported frameworks and libraries or encode additional vulnerability patterns.

Integrate into DevSecOps pipelines

Ocular integrates with popular tools deployed in modern SDLC environments. For example, it can be wired into CI tools (Jenkins, CircleCI, etc.) to insert security regression tests that pass or fail builds. Ocular query results are also exportable as JSON to make custom integrations as easy as possible.

From custom queries to automated policies

Ocular custom queries can be converted into policies, or "recipes", for reuse and automated insertion into pull request, build or release cycles.

Detect business logic vulnerabilities

Ocular queries accelerate the examination of software elements and flows to identify complex business logic vulnerabilities that generic scanners cannot find automatically, such as PII stored unencrypted at rest, abuse of functionality, insufficient process validation, and other common examples as defined by OWASP.

Quickly identify code weaknesses

Inspect is uniquely able to detect code weaknesses such as methods with too many parameters, improperly sanitized inputs, duplicate code, and inconsistent naming.

A legacy of complex vulnerability discovery

Ocular and its earlier open source predecessor, Joern, have a track record of finding complex, hard-to-find vulnerabilities. Read the Ocular Datasheet for more insights, along with detailed code examples.

Language Support

Ocular supports Java, C#, C, C++ and Scala. Go, JavaScript, Python and Swift are coming soon.