Reshift Security

Thanks a lot @hnshah for hunting us 🙌 Hi Everyone! ✋ Sherif Koussa here, Founder @ Reshift Security. I have been a developer, a software security auditor at a large bank, a hacker and an OWASP Chapter leader. Being a developer for 8 years and working directly with developers to help them secure their code for another 13 years, a few things became super clear to me: - Developers are cognitively overloaded with too many frameworks, technologies, and languages 🧠 - Software development and deployment speeds are 100x faster than they were 10 years ago 🚀 - Application security responsibility is falling on the laps of developers hence the “Shift Security Left” movement ⏪ - Existing tools are slow, inaccurate, expensive and/or ineffective 🐢 In 2019, we set out to change that. We created Reshift , a developer-first security tool that helps developers find and fix vulnerabilities in their custom code. Reshift is different from existing tools in the following categories: 1. Developer UX: Reshift is built from the ground up to help developers focus on writing and shipping secure code faster 🚀 2. Scanning Speed: Reshift uses DataLog technology which is 30x-40x faster than existing technologies 🚀 3. Findings Accuracy: Reshift’s comprehensive set of rules helps developers focus on the most important security bugs 🚀 I would love your feedback. Myself and our whole team will be responding all day and look forward to hearing your thoughts! We’re excited to help teams shift security left! I know I’ve had my fair share of success and horror stories helping clients integrate security earlier into the software development lifecycle. What has been your experience shifting security left? Meet the Team 2:00 - 3:00 EST Zoom Link: https://us02web.zoom.us/webinar/... Reshift Community: Join Reshift Community Slack channel to speak directly to our engineers and meet other security-minded developers, share what works and what doesn't in shipping secure code faster. We also schedule free educational webinars exclusive to our community. See you there!

Congrats Sherif - this is a big release in an increasingly critical field.

Quick poll for your engineering team: How many developers feel code security is important? (everyone raises their hands 🙋‍♂️🙋‍♀️) How many developers feel like they aren’t security experts? (likely also 100%🙋‍♂️🙋‍♀️) How many of them like fixing security bugs? (probably none of them 🐞❌) We hear this all the time from development teams. A developers job is to write and ship new features. Security is often a priority, but it is challenging to implement and often overloads the developer with more work that inherently slows down releases. Excited Reshift is looking to change that and make shifting security left easier for developers!

I had been eagerly awaiting Javascript support since it was announced as NodeJS has become such a key part of our product platform. While we are just beginning our journey with ReShift and NodeJS, so far the scanner has been fast, and has not generated useless noise which is always the bane of automated code analysis.

Static code analysis for security has evolved, however little slower. Seeing reshift delivering result, effectively, and faster with very low false positives, made a solid impression in this domain. Developer like security, only and only when their speed to production is not slowed down in any way. I think, Reshift team, has kept this point in mind and fine tuned its operational performance. Continuous feedback, and in a shift-left way has been proven to increase the developer maturity in AppSec, in an iterative fashion. Having a product that fits in so well in this niche area is rare in this SAST domain. Thanks, Sherif, for doing a great job at this. All the best to you guys! I trust you would add more language support in the coming days, and help Developers at large. Thanks!

Reshift's Javascript support has been a valuable aid to me when writing secure code for critical application features. Thank you for making this available to us!

An incredibly important tool to help developers create and learn about producing secure code from a dedicated team who can make it happen.