Our Deepest Source Code Analysis via Static Application Security Testing


Benefits of SiteLock® TrueCode™ SAST


How SiteLock® TrueCode™ Works


Vulnerability Detection in Custom or Third Party Code

According to the National Institute of Standards and Technology (NIST), 92% of vulnerabilities are in applications— the gateways to data. TrueCode Static Application Security Testing (SAST) identifies critical vulnerabilities such as SQL injection, cross-site scripting (XSS), and potential backdoors for hackers. TrueCode SAST allows you to fix issues before or after you launch and risk the application getting hacked — saving you loads of money in the long run.


Actionable Data

Rather than overwhelming you with a long list of vulnerabilities, we prioritize each issue and tell you which to fix first. For example, a high-severity flaw with a high likelihood of being exploited is potentially more dangerous than a high-severity flaw with a low likelihood of exploitation.


Deep Visibility

TrueCode examines applications the same way attackers look at them, only with more information on our side. Unlike a hacker who tries to break into your website by blindly trying every window and door, hoping you left one unlocked, TrueCode allows us to spot all those holes instantly by looking at the blueprints.


Adhere to Regulations

Many businesses today are required to conduct a regular code review to meet industry guidelines. If your business is required to meet PCI (if you accept online payments, this is you), HIPAA, or any other regulations surrounding IT security, TrueCode is an easy way to stay compliant.

TrueCode Static Application Security Testing (SAST), or "white-box" testing, finds common vulnerabilities by performing a deep analysis of your applications without actually executing them. TrueCode analyzes your source code to create a detailed model of the application's interaction with users and sensitive resources (such as your database or your customers). We then identify all paths through the application that represent a potential weakness. For example, if a data path through the application originates from an HTTP Request and flows through the application without validation or sanitization to reach a database query, then this would represent a SQL Injection flaw. We then deliver actionable information that helps you prioritize flaws according to severity so you can address them quickly.

How does SiteLock® TrueCode™
protect my website?


TrueCode SAST adds a unique and critical layer of security by protecting your web applications— where 92% of vulnerabilities reside. We have taken what has traditionally been a very expensive service available only to large enterprise businesses, and made it easy and affordable for smaller business owners to access.

Identify vulnerabilities and backdoors in custom and third-party code applications
100% comprehensive scanning
Examines code from top (interface with the user) to the bottom (interface with the database or OS)
Acts like a spell check, highlighting every vulnerability in the code (by line) and simplifying remediation
Complies with PCI and other industry guidelines that require a code review
Simplifies security by prioritizing the flaws to fix first