Data Theorem Launches Industry’s First Full-Stack Application Security Analyzer to Prevent Data Breaches Across Modern Web and Cloud Services

New AppSec Solution Web Secure Automates Analysis and Remediation to Address Modern Web and Single-Page Application Security Issues that have Plagued the Industry for Years

PALO ALTO, CALIF

Data Theorem, Inc., a leading provider of modern application security, today launched Web Secure, the industry’s first full-stack application security analyzer that provides vulnerability analysis for modern web applications from the web layer down to their embedded APIs and cloud resources. This new product enables DevOps and security teams to improve web application security testing for issues that have plagued the industry for years by both identifying and helping remediate potential data breaches in modern web applications, also known as Single-Page Applications (SPAs).

Most businesses use modern applications such as SPAs to deliver richer web experiences and better outcomes for customers. However, the current generation of web security tools is poorly suited to address the newer application frameworks, APIs and cloud microservices that underpin these modern applications. This is evident from some of the well-researched application data breaches of recent years, including Capital One, US Postal Service, and First American Financial. Despite being known for years, vulnerabilities in modern web applications built in the cloud have gone widely unaddressed due to the full-stack nature of the attacks.

According to Gartner, “While perimeter-based protection still has a purpose, the changing software architecture demands reconsidering this approach. Cloud-based workloads, inside containers, mobile applications and single-page applications cannot benefit from protection inside the perimeter. There is a need for an approach that understands relationships between applications and application components. Perimeter-based protection cannot follow the flow of data from application to application, from API to API and from microservice to microservice.” (Note 1)

Data Theorem’s Web Secure, powered by its award-winning Analyzer Engine, was designed specifically to help customers secure their modern web applications. The solution introduces a new type of dynamic and run-time analysis that is fully integrated into the CI/CD process, and enables organizations to conduct continuous, automated security inspection and remediation of their modern web applications. Building on the SPA features Data Theorem released in September 2019, the new Web Secure product provides several new automated hacking security toolkits that help customers understand the impact of vulnerabilities and exploits up and down the application stack, including SPA SQL injection, SPA XSS protection, and Toxic Tokens.

According to Gartner, “Applications in the age of digital business are very different. Cloud-native applications, containers, serverless, microservices, application programming interfaces, mobile apps and single-page applications all take the software logic and break it down into portions that run within a variety of untrusted environments. The security implications of this appear clearly by comparing a classic web architecture to a cloud-native one.” Gartner further mentions, “The examples of cloud-native applications and single-page applications clearly depict the problem at hand.” (Note 1)

Gartner also states, “By 2021, 90 percent of web-enabled applications will have more surface area for attack in the form of exposed APIs rather than the user interface, an increase from 40 percent in 2019. API discovery is key to knowing what APIs exist.” (Note 2)

Organizations have long trusted Data Theorem for application security tools for mobile applications and APIs. However, with their existing modern web applications they often turn to a variety of traditional tools, scanners and web crawlers, as well as manual pen testers and consultants – methods which do not keep pace with required Agile software development speed. When building and deploying modern web applications using the latest JavaScript frameworks, web applications are constructed like mobile applications with dozens of backend API operations, which has been Data Theorem’s security area of expertise since its founding in 2013. Web Secure helps to round out Data Theorem’s AppSec portfolio to protect organizations from data breaches with application security protection for modern web frameworks, API-driven microservices and cloud resources.

“Full-stack security analysis has been missing from most modern web applications and the industry for years has needed a new approach to finding potential data breaches beyond the web application layer,” said Doug Dooley, COO at Data Theorem. “With our new Web Secure solution, DevOps teams and security professionals have the software service they need that provides end-to-end vulnerability assessment and remediation of their SPAs in an automated fashion.”

Note 1 – Gartner, “Teach Your Applications the Art of Self-Defense,” by Dionisio Zumerle and Jeremy D’Hoinne. April 7, 2020.

Note 2 – Gartner, “How to Respond to the 2020 Threat Landscape,” by John Watts. June 17, 2020.

Availability and Pricing

Data Theorem’s Web Secure solution is available today. Pricing starts at $3,000 USD per SPA annually. For more information, see https://www.datatheorem.com/products/web-secure.html.

Media Contact

Liz Youngs media@datatheorem.com (415) 763-7331

About Data Theorem

Data Theorem is a leading provider of modern application security, helping customers prevent AppSec data breaches. Its products focus on API security, cloud (serverless apps, CSPM, CWPP, CNAPP), mobile apps (iOS and Android), and web apps (single-page apps). Its core mission is to analyze and secure any modern application anytime, anywhere. The award-winning Data Theorem Analyzer Engine continuously analyzes APIs, Web, Mobile, and Cloud applications in search of security flaws and data privacy gaps. The company has detected more than 5 billion application incidents and currently secures more than 25,000 modern applications for its enterprise customers around the world.