InfoWatch APPERCUT is a web service that automates business application source
You simply go to the website, load your source code and immediately receive a result that does not need a computer science degree to understand. You find the nasty surprises left by insider programmers within minutes.
There are no expensive installations and no unwarranted expenses for external code auditing.
The product is a Static Application Security Testing (SAST) code analyzer. Because of an integrated code normalizer, it does not require special code preparation and is, theoretically, compatible with any business application programming language. At the moment InfoWatch APPERCUT supports ABAP/4, Java, and PeopleCode. We are also available for additional language normalizer development, should your company require it.
The system contains a regularly updated database of digital fingerprints of known backdoors. It instantly compares the application code to the fingerprints and does not require the application to actually compile. InfoWatch APPERCUT ignores all overall program logic and scans whole applications as well as code snippets, down to single lines, equally effectively.
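To make the normalize-then-fingerprint idea concrete, here is an added sketch that is not InfoWatch code and does not describe the product's actual algorithm. The normalization scheme, the keyword set, the hash choice, the `KNOWN` entry and the sample source are all assumptions constructed for illustration.

```python
import hashlib
import re

# Assumed keyword set; every other name is renamed by order of first use.
KEYWORDS = {"if", "else", "return", "true", "false", "and", "or", "not"}
# Strings first, so a "//" inside a literal is not taken for a comment.
TOKEN = re.compile(r'"[^"]*"|\'[^\']*\'|//.*|/\*.*?\*/|[A-Za-z_]\w*|\d+|[^\s\w]')

def normalize(line):
    """Reduce one source line to a canonical token string (hypothetical scheme)."""
    names, out = {}, []
    for tok in TOKEN.findall(line):
        if tok.startswith(("//", "/*")):
            continue                                  # comments carry no logic
        if tok[0] in "\"'" and len(tok) > 1:
            out.append('"' + tok[1:-1] + '"')         # keep literal, unify quotes
        elif tok[0].isalpha() or tok[0] == "_":
            low = tok.lower()                         # fold case
            out.append(low if low in KEYWORDS
                       else names.setdefault(low, f"v{len(names) + 1}"))
        else:
            out.append(tok)
    return " ".join(out)

def fingerprint(line):
    return hashlib.sha256(normalize(line).encode()).hexdigest()

# Constructed entry standing in for the fingerprint database.
KNOWN = {
    fingerprint('if (user.equals("svc_maint")) return true;'):
        "hardcoded account bypass",
}

def scan(source):
    """Return (line_no, label) for each line whose fingerprint is known."""
    hits = []
    for no, line in enumerate(source.splitlines(), 1):
        if normalize(line) and fingerprint(line) in KNOWN:
            hits.append((no, KNOWN[fingerprint(line)]))
    return hits

# Constructed sample: renamed variable, different spacing, trailing comment.
SAMPLE = '''\
boolean check(String login, String pw) {
    if(login.equals("svc_maint"))return true; // temp, remove later
    return ldap.verify(login, pw);
}
'''

if __name__ == "__main__":
    print(scan(SAMPLE))
```

Nothing is parsed or compiled, so the scan works on a single pasted line; in this sketch a changed literal produces a different fingerprint and is not reported.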
Why it’s important
In 90% of cases, large and medium enterprises tailor business applications (such as ERP, CRM, billing, automated banking systems, etc.) to their particular needs. These, of course, include internal standards and business process compliance, as well as integration with the existing IT infrastructure. After this process, the finished system barely resembles the original product. From time to time, companies create their own business applications from scratch, using internal or external contractors.
The original publisher is, of course, responsible for the quality of published business applications, while the mass usage guarantees public control. It is also nice to believe that government certification helps to keep the software “clean”. And yet, the full nature of tailored and modified products, or of those with outsourced “polishing” done to them, is a mystery known to the programmer alone. What is stopping a developer from secretly introducing undocumented features (backdoors) to the final code? Nothing but his own conscience and principles.