Find vulnerabilities in your code—don’t wait for someone to exploit them

All-new Dynatrace code-level vulnerability detection evaluates all requests passing through your applications.

Continuous security evaluation of deployed applications is crucial in today’s world because the digital landscape is increasingly complex, and the threat of cyber-attacks is rising. With the increasing amount of sensitive information stored and processed, it’s essential to ensure that systems are secure and protected against potential threats.

Organizations need to identify vulnerabilities and weaknesses in their applications before malicious actors can exploit them.

This not only helps protect sensitive information but also helps maintain the trust of customers, partners, and stakeholders. Security evaluation also helps organizations comply with regulatory requirements, which usually mandate the protection of personal data. However, organizations face several challenges with current security testing practices, including:

  • Limited resources: Across the globe, it’s increasingly difficult to find and allocate the necessary personnel to do thorough security testing.
  • High false-positive rates: Traditional security testing tools generate numerous findings. Each must be evaluated by development teams, leading to wasted time and effort in identifying real vulnerabilities.
  • Keeping up with evolving threats: The threat landscape is constantly evolving. New attack vectors or permutations of known attack methods are discovered regularly, making it difficult for security personnel to keep up and effectively test for all threats.

All-new Dynatrace code-level vulnerability detection

All-new Dynatrace code-level vulnerability detection evaluates all requests passing through your applications to identify vulnerabilities. The deep insights into application code provided by OneAgent® help track potentially vulnerable data flow within an application. Combining these insights with Dynatrace Smartscape® topology lets you assess the impact of potential threats on the system more accurately.

Code-level vulnerability detection complements the current functionality range of Runtime Vulnerability Assessment by moving beyond the detection of known vulnerabilities in libraries and other third-party components into detecting unknown and zero-day weaknesses in your code.

This approach differs from other security testing solutions, which rely on pre-written scripts and tools or manual tests and checks to identify security weaknesses. For example, a developer or tester can only come up with tests for the problematic cases they can imagine. In contrast, Dynatrace code-level vulnerability detection uses real user-generated data to evaluate all code paths that are touched during runtime. Automatically identifying exploitable vulnerabilities helps you proactively fix code weaknesses before they can be exploited by malicious actors.

[Screenshot: Code-level vulnerabilities view showing a command injection detected by Dynatrace]

Code-level vulnerability detection provides deep insight into each detected vulnerability:

  • Location of the vulnerability in your code
  • Affected processes
  • Context and details based on the vulnerability type
  • Potential impact assessment based on your environment topology

Code-level vulnerability detection is currently available for Java processes. Our first area of focus is injection vulnerabilities, so command injections, SQL injections, and Java code (JNDI) injections are supported. We continuously improve coverage, so expect to see more technologies and vulnerability types introduced soon.

Detection of code-level vulnerabilities is equally important in pre-production and production environments

Catching a vulnerability during the development cycle greatly reduces the cost of fixing that vulnerability. On the other hand, monitoring what real users do with your applications in production provides insights that go well beyond what pre-production testing can do and helps uncover vulnerabilities in code paths that were not addressed by the testing process. Code-level vulnerability detection was designed to carry a production-ready performance footprint, so feel free to turn it on throughout your environments.

Code-level vulnerability detection shows previously unknown vulnerabilities in your code and the libraries you use. It also helps you prioritize your remediation efforts and strengthen your overall security stance.

How to get started

Are you ready to turn every internal test and user request into a security test?

Code-level vulnerability detection for Java is available with Dynatrace version 1.260 and OneAgent version 1.259.