Effectively control the risk carried by your applications
YAGAAN addresses both new entrants in application security looking for a secure coding supporting tool and mature organizations looking for an alternative or complementary solution to the market leaders. With the YAG-Suite, both will optimize their software risks whith an efficient and economically scalable product.
The YAG-Suite gives you a visibility on the level of risk that the analyzed source code carries. Its executive dashboard outputs a global risk score, estimated based on the detected vulnerabilities, and corresponding to the level of satisfaction of the secure coding best practices set up in the development process, such as the one collected in well established repositories such as OWASP Top 10, SANS Top 25 or PCI DSS.
Those results are also aggregated in a web dashboard which summarizes the global security status of your application park.
Supporting the "secure coding" teams' skills development was one of the main rationale for designing the YAG-Suite. The innovation carried by YAGAAN makes it possible to present the developers intuitive and educational diagnostics so that they can understand all the causes of the detected vulnerabilities. Support provided by the YAG-Suite does not stop there and provides the user with remediation recommendations to fix warnings individually or in batches (best fix) to optimize risk reduction effort.
Those developers developers who are not yet secure coding experts get a 'learn while working' experience in their own development project.
With YAGAAN's innovation, the tool provides unique decision making information which assist development teams in their efforts to focus efficiently on the vulnerabilities that really matter. Each vulnerability warning is associated with two scores, automatically processed by the YAG-Suite : One assesses the warning relevance and helps the user to focus on the true positives and the other one is a CVSS score, contextualized for each warning, in order to identify which vulnerabilities will have the most critical impacts in case they are exploited by an hostile.
Thanks to this prioritization information, teams quickly focus on highest priority issues without spending time on less critical problems, or even on false positives. Whatever are your developement project resources and your time to market constraints, you are sure that the time spent on fixing application security issues has been efficiently used: the most critical issues have been processed and false positives discarded, your residual security debt is under control !
The uniqueness of the YAG-Suite also consists in its ability to adapt to your business specific context. It reveals through two aspects:
The product is customizable by the security expert to extend the standard detection repository with your own business related sensitive data and to cover your own corporate secure coding best practices.
The product's initial behavior can be tuned with respect to your own risk assessment to adapt to your perception od risks (false positives reduction, CVSS criticality adjustment, etc.).
The simplicity of customizing the YAG-Suite repository makes it an agile tool that will adapt to your own specific needs.
Finally, those who outsource their developments to subcontractors will be assisted in their owner/subcontractor relationship : of course the YAG-Suite will score the level of cyber risk carried by the delivered application at the acceptance time, but prior to that it supports you in capturing the project's specified application security requirements, at start time, and in verifying that they are met at the time of delivery: any remaining vulnerability that has an impact on the requirements will be automatically spotted.