app checker

Post on 16-Aug-2015


Who are we?

LLC “Echelon Innovations” is a progressive company created by JSC NPO Echelon, one of the largest Russian information security companies.

The company was created for advanced research and development. It is a participant of the Skolkovo Innovations Center.

The purpose of AppChecker

AppChecker is a cloud analyzer of program code intended for business process automation.

The purposes of AppChecker:

• trusted software development
• software security control
• detection of backdoors in software code
• program code quality review

Problem description

Nowadays it is necessary to monitor code quality during software development.

Even the largest software developers in the world regularly let vulnerabilities into their software.

Weaknesses and vulnerabilities in application source code lead to financial and reputational risks for developers, and to risks of violating the integrity, confidentiality and availability of user data.

Automatic error detection at the development stage will reduce the development cycle, testing and correction costs, and the risks to software developers and users.

AppChecker Technologies

• Signature-based heuristic code security analysis using signatures of potentially dangerous constructions [the construction base is completely compatible with the CWE (Common Weakness Enumeration) taxonomy]
• Cloud access to the AppChecker interface and API
• Calculation of code statistics, software system complexity and security metrics
• Data flow analysis

Competitors

Model/product | Stage | Program languages | Types of source code analysis | Variants
Fortify 360 SCA | Sales | >20 | static, dynamic, interactive | desktop, private cloud, public cloud
InfoWatch Appercut | Sales | >20 | static | private cloud, public cloud
PVS Studio | Sales | C/C++ | static | desktop
Positive Technologies Application Inspector | Sales | ASP.NET, JavaScript, Java, PHP, ABAP, PL/SQL | static, dynamic, hybrid | desktop
Echelon AppChecker | Development | C/C++, Java, PHP | static | private cloud, public cloud

Competitors

Model/product | Price, [RUR] | Integration with CWE | Data flow analysis | Cross platform code analysis
Fortify 360 SCA | From 5,9 million a year | + | + | +
InfoWatch Appercut | n/a | + | - | +
PVS Studio | 204 800 a year | - | - | -
Positive Technologies Application Inspector | n/a | - | + | +
Echelon AppChecker | 300 000 a year | + | + | +

Competitive advantages

• Integration with CWE
• Opportunity for collaborative work
• Signature heuristic analysis method
• Low price
• Unified interface with AK-VS products
• Simple training process

Stage and prospects

Stage
• Subsystems of the static and dynamic program code audit service for C/C++, Java and PHP (including their latest standards) have been developed
• A web interface subsystem that allows several experts to work jointly has been developed

Prospects
• Evolution of the source code analysis mechanisms for a qualified search for defect types such as buffer overflows, incorrect handling of resources, and various kinds of “injections” (SQL, command, etc.)
• Improvement of the code review tools to simplify the filtering of false alarms and to support joint work by several experts

Potential clients

Software development companies

• ABBYY
• DataArt
• EPAM Systems
• ICL Services
• Intel
• Luxoft
• Microsoft
• Oracle (Sun Microsystems)
• …

Companies which do their own internal development

• Russian Railways
• Aeroflot
• Rostelecom
• Sberbank
• …

Customers who check the work of their contractors

Testing laboratories

Contact information

107023, Moscow, Elektrozavodskaya st., 24

+7 (495) 223-23-92 

8-800-100-05-02 (free call all over Russia) 

www.iechelon.ru

www.facebook.com/npo.echelon

support.akvs@npo-echelon.ru (technical support)

ext.skolkovo@cnpo.ru (all other questions)
