TIMETRAVELER

TIMETRAVELER is one of our core technologies used to analyze the execution of software, particularly open-source software.

By integrating specialized analysis mechanisms into the code, we can obtain execution traces that help manage complex software version branches and combine a vast array of input samples and configurations.

Maximizing Time Efficiency

For security researchers and enterprises focused on studying software vulnerabilities, this technology can significantly reduce the time investment required.

Resource Acquisition

  • Instrumented programs with advanced logging capability
  • Various execution traces
  • A large volume of test cases

All can be accessed within the OSSINT portal.

TIMETRAVELER utilizes DAST-to-SAST technology to provide security rule packs for static analysis of applications, specifically targeting frameworks and third-party libraries.

False Negative

Most commercial static analysis software only operates at the level of programming language parsing. As a result, support for frameworks and third-party libraries is often incomplete.

This limitation affects both the call flow and the data flow, so potential security vulnerabilities can go undetected.

False Positive

Static analysis inherently lacks specific execution values and address information.

This leads to reported data flow paths that appear valid but correspond to vulnerabilities that are not actually exploitable.

Completing the Rule Packs

Through TIMETRAVELER's unique analytical capabilities, we can provide rule packs compatible with commercial software, specifically addressing unsupported packages.

DAST-to-SAST Technology Overview

Precision Propagation

The DAST (Dynamic Application Security Testing) approach generates precise execution traces that can automatically produce the rule pack required for SAST (Static Application Security Testing).

Automatic Tagging

With this technology, users no longer need to spend time manually tagging data flow contamination properties of third-party libraries within large codebases.

The automation provided by DAST can significantly reduce the workload involved in ensuring that these libraries are correctly assessed for security risks, allowing developers to focus on other critical tasks during the software development lifecycle (SDLC).

By combining DAST and SAST, organizations can enhance their application security posture, identifying vulnerabilities earlier and more efficiently than when using either method in isolation.

This approach not only improves security outcomes but also optimizes resource allocation within development teams.
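
The trace-to-rule idea described above can be illustrated with a small added example; it is not TIMETRAVELER's code or rule-pack format. The trace record layout, the marker string, the library function names and the output rule fields are all assumptions constructed for illustration.

```python
import json
from collections import defaultdict

# Hypothetical marker injected into test inputs during the dynamic run.
MARKER = "TT_7f3a"

# Constructed trace (assumed format): one JSON record per observed library call.
TRACE = """
{"func": "libfmt.render", "args": ["Hello TT_7f3a", 3], "ret": "<p>Hello TT_7f3a</p>"}
{"func": "libfmt.render", "args": ["static", 1], "ret": "<p>static</p>"}
{"func": "libfmt.escape", "args": ["TT_7f3a<b>"], "ret": "TT_7f3a&lt;b&gt;"}
{"func": "libhash.digest", "args": ["TT_7f3a"], "ret": "9c1185a5c5e9fc54"}
{"func": "libdb.query", "args": ["SELECT * FROM t WHERE n='TT_7f3a'"], "ret": null}
"""

def infer_passthrough(trace_text, marker=MARKER):
    """Derive per-argument taint propagation summaries from call records."""
    seen = defaultdict(int)    # (func, arg index) -> calls where the arg carried the marker
    flowed = defaultdict(int)  # (func, arg index) -> of those, calls whose return carried it
    for line in trace_text.strip().splitlines():
        rec = json.loads(line)
        ret = rec.get("ret")
        for i, arg in enumerate(rec["args"]):
            if isinstance(arg, str) and marker in arg:
                seen[(rec["func"], i)] += 1
                if isinstance(ret, str) and marker in ret:
                    flowed[(rec["func"], i)] += 1
    rules = []
    for (func, i), n in sorted(seen.items()):
        hits = flowed[(func, i)]
        rules.append({
            "function": func,
            "from": f"arg{i}",
            "to": "return",
            "propagates": hits > 0,       # observed at least once
            "evidence": f"{hits}/{n}",    # propagating calls / marked calls
        })
    return rules

if __name__ == "__main__":
    for rule in infer_passthrough(TRACE):
        print(json.dumps(rule))
```

A rule with "propagates": false only means no flow was observed: substring matching cannot see taint that survives a transformation such as hashing or encoding, so such entries need review before they are treated as sanitizers in a static rule pack.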

SAST-to-DAST Technology Overview

Global Analysis through SAST

Entire software packages are pre-analyzed to obtain comprehensive call flows or data flows.

Vulnerability Recommendations

The global analysis result is fed back to DAST (dynamic analysis), which quickly provides vulnerability decision information within the executable paths that can be accessed and identifies unknown but adjacent paths.

SBOM

TIMETRAVELER Offers Rapid Analysis Capabilities for SBOM

The complexity of software package dependencies is significant, especially with the use of open-source software, which accounts for over 70%.

Utilizing Software Bills of Materials (SBOM) to assess cybersecurity risks in software development is gradually becoming an industry standard.

Industry Standard

Users can upload SBOM files, supporting both SPDX and CycloneDX formats.

Rapid Assessment

We can assist in matching the items listed in the SBOM table with the packages we are capable of processing to identify which ones align.

