ShiftLeft has released a tool enabling businesses to independently benchmark and validate the accuracy of ShiftLeft CORE using the Open Web Application Security Project (OWASP) Benchmark Project, a Java test suite designed to evaluate the accuracy of vulnerability detection tools.
The OWASP Benchmark test suite is a sample application made up of thousands of actual instances and false positives of vulnerabilities spanning 11 categories. Evaluating a tool against the OWASP Benchmark provides a window into that tool’s ability to find vulnerabilities while reducing false-positives.
With a true-positive rate of 100% and a false-positive rate of 25%, ShiftLeft CORE is the static application security testing (SAST) tool when it comes to OWASP Benchmark score. To help businesses easily verify these findings, ShiftLeft has built in the OWASP Benchmark as a demo app on its platform, enabling cybersecurity decision-makers to run it in just a few clicks.
“Organizations are overwhelmed with options when evaluating new cybersecurity tools. Even once you’re past initial feature comparisons, it’s time-consuming to build a proper test environment and can be difficult to replicate scores claimed by vendors,” said Alok Shukla, Vice President of Product Management, ShiftLeft. “We truly believe in ShiftLeft CORE’s ability to outperform the competition. That’s why we’re presenting organizations with a way to easily benchmark ShiftLeft independently.”
The ShiftLeft CORE platform is built around ShiftLeft’s NextGen Static Analysis (NG SAST), a modern code analysis solution designed to support developer workflows.
Powered by ShiftLeft’s unique Code Property Graph (CPG) engine, ShiftLeft CORE combines many representations of source code into a single, queryable graph database to understand the full ﬂow of information across an application or service. This adds valuable context that accurately reduces false positives while prioritizing vulnerabilities based on reachability.