We wanted to take a moment to thank Bitnami for its recent blog post about Code Dx. We partnered with Bitnami in July, and our monthly free trial downloads have tripled since we went live! Bitnami is a marketplace that makes it simple to find popular server applications and development environments and deploy them in just a few clicks. They also realize the vast importance of deploying applications that are written securely, which is especially critical considering all of the high-profile hacking incidents in the last several years (Target, Sony, Anthem anybody?). In fact, a lot of high-level attention is finally being paid to software security as a whole, both by industry and by government. The Department of Homeland Security (DHS), which wants to secure our country’s software supply chain, is funding substantial research in this arena, including some of the work done to build Code Dx.
One of the reasons software security is growing substantially in the marketplace is that so many applications are being deployed on the web today. That means that, all of a sudden, any application exposed on the web has no firewall or intrusion detection system to protect the enterprise behind it. In fact, a little application for a company softball team can leave your backend wide open to cyber criminals who can access confidential backend databases as well as perform illegal activities using compromised sites. In addition, these web application attacks are carried out over HTTP and HTTPS, the same protocols used to deliver content to legitimate users, so they blend in with normal traffic.
Bitnami recognizes this issue, which is why they were so “gung-ho” to have Code Dx be one of the first commercial tools hosted on their marketplace. They realized that web application attacks, whether on free open-source software or on commercial or custom-built applications, can have repercussions far worse than traditional network-based attacks. So, the Bitnami and Code Dx teams worked together to make downloads of Code Dx more easily accessible worldwide. With three and a half billion people on the internet today, and over $200 billion in eCommerce sales in 2014, having customer-facing applications on the web is absolutely fundamental, enabling businesses to create profitable relationships with prospects and customers. But those applications have to be free of vulnerabilities that attackers can exploit to endanger an entire enterprise.
Writing secure code involves key operational processes for authentication, authorization, asset handling, input handling, and logging and auditing. However, building security into the software development lifecycle is very rare today, as security is usually bolted on after the fact. Bitnami is partnering with Code Dx not only to standardize its deployment across local installation packages for OS X, Windows, and Linux, but also to bring together the suite of code analysis tools needed to help you find and fix potential vulnerabilities in your code before you release your software. Bitnami-packaged cloud and virtual machine images will follow in subsequent Code Dx releases.
This partnership is about making the whole process, from writing the application to building security into it, faster and easier than ever before. For example, Bitnami automates the same steps that a user would otherwise perform by hand, such as substituting values in configuration files, running SQL scripts, and more. So, anybody can download the source code for the components, compile them, edit the configuration files, and create a stack themselves, or just go to Bitnami, where all of that work has already been done. The Bitnami stacks include everything necessary to get the software up and running, so the user just needs to go to https://bitnami.com/stack/codedx to download the installer, making it much faster and easier to set up an application. In particular, the Bitnami stack includes the latest version of Stat!, as well as Apache, Apache Tomcat, Java and MariaDB.
When you download the Bitnami Code Dx Stack you’ll have a fully functioning version of Stat! loaded with the variety of tools needed to get a comprehensive view of the weaknesses in your application, since each tool has different abilities. By correlating the results from multiple application security tools and aligning them on a common severity scale, Code Dx saves a significant amount of time and ensures that no stone is left unturned in the quest to provide secure applications for your users. Until now, the joke in the industry has been that developers have become power Excel users, because they have to enter all of the vulnerabilities found by the different tools into an Excel spreadsheet and manage the remediation process by hand. With Code Dx, you only have to use one console with a common interface for all the tools, so you don’t have to download, maintain and learn the intricacies of each tool just to test your application’s security posture. Add in the continuous application development environment prevalent in the industry today, and the need for more frequent security testing comes to the forefront.
Check out Bitnami’s blog post for a lot more technical details you might want, and then download a free 14-day trial of Stat! for up to three users on Windows, OS X and Linux through the Bitnami marketplace. And don’t forget to ask us any questions you may have as you work through the software security process. It’s so new in the industry that everyone needs a little help here and there.