BeamFi - Static Application Security Testing (SAST)

Created by Henry Chan, Modified on Thu, 6 Apr, 2023 at 10:10 AM by Henry Chan

Static Application Security Testing Implementation

Last Updated: 21 March 2023


Summary

This document presents evidence that BeamFi has implemented a Static Application Security Testing (SAST) process to identify and mitigate security vulnerabilities in our software applications. We run periodic automated SAST scans using Snyk. One notable example of detection and remediation is a Cross-Site Scripting (XSS) issue found in our frontend application. It was fixed during the early development stage using the node-esapi output-encoding library recommended by OWASP.


Periodic Automated SAST Testing Using Snyk

We have set up a scheduled, automated SAST process on the Snyk platform. Snyk rescans our codebase on a schedule to identify potential security vulnerabilities. Scan results are sent to the development team, who triage and fix the identified issues.


Example: Remediation of a Cross-Site Scripting (XSS) Issue

During the early development stage of our frontend application, the SAST process identified an XSS issue. The development team promptly fixed the vulnerability by encoding untrusted output with the node-esapi library recommended by OWASP. The following screenshots show the identification and resolution of the XSS issue:



Screenshot 1: Snyk report highlighting the XSS issue
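As an added illustration (not BeamFi's code and not taken from the Snyk report above), the JavaScript below shows the shape of the pattern a SAST scanner reports as XSS next to its output-encoded form. The fix described above used node-esapi's encoder; the encoder here is an inline stand-in, assumed to mirror the numeric-entity behaviour of `ESAPI.encoder().encodeForHTML()`, so the file runs without the dependency. The function names (`renderUnsafe`, `renderSafe`, `renderProfileLink`, `hasRawMarkup`) and the attacker payload are constructed for this example.

```javascript
// Added example, not BeamFi's code. A DOM-building pattern that SAST tools
// flag as XSS, beside an output-encoded version. The encoder is an inline
// approximation of node-esapi's ESAPI.encoder().encodeForHTML() (assumed
// behaviour: every character outside a small immune set becomes a numeric
// HTML entity); it is here only so the example runs without the package.

// Vulnerable pattern (constructed for illustration): a user-controlled value
// is interpolated straight into HTML markup, so a "<" in the input opens a tag.
function renderUnsafe(displayName) {
  return `<p>Welcome, ${displayName}</p>`;
}

// Characters left untouched in HTML body context. Everything else, including
// < > & " ' / =, is entity-encoded, so no input can open a tag, close the
// surrounding element, or start an attribute or script context.
const IMMUNE = /[A-Za-z0-9 ,._-]/u;

function encodeForHTML(input) {
  let out = '';
  for (const ch of String(input)) { // iterates by code point, so astral characters are encoded whole
    out += IMMUNE.test(ch) ? ch : `&#${ch.codePointAt(0)};`;
  }
  return out;
}

// Fixed pattern: encode at the point of output, for the context it lands in.
function renderSafe(displayName) {
  return `<p>Welcome, ${encodeForHTML(displayName)}</p>`;
}

// The same encoder is sufficient inside a *quoted* attribute value because the
// quote characters themselves are encoded. Unquoted attributes, JavaScript and
// URL contexts each need their own encoder; choosing the wrong ESAPI method
// for the context is the usual way an "encoded" value stays exploitable.
function renderProfileLink(displayName) {
  return `<a title="${encodeForHTML(displayName)}" href="/profile">Profile</a>`;
}

// Check used by the demo: does any raw markup character from the input survive
// between the fixed wrapper strings? A bare "&" that is not a numeric entity
// also counts as raw.
function hasRawMarkup(html, wrapperPrefix, wrapperSuffix) {
  const inner = html.slice(wrapperPrefix.length, html.length - wrapperSuffix.length);
  return /[<>"']|&(?!#\d+;)/.test(inner);
}

// Constructed attacker input used to exercise both renderers.
const PAYLOAD = '<script>alert(1)</script>';

function demo() {
  return {
    unsafe: renderUnsafe(PAYLOAD),
    safe: renderSafe(PAYLOAD),
    unsafeHasMarkup: hasRawMarkup(renderUnsafe(PAYLOAD), '<p>Welcome, ', '</p>'),
    safeHasMarkup: hasRawMarkup(renderSafe(PAYLOAD), '<p>Welcome, ', '</p>'),
  };
}

console.log(demo());
```

Running the file prints the unsafe and encoded renderings side by side; the encoded one contains `&#60;script&#62;` rather than a live `<script>` element. With the real library, `encodeForHTML` above would be replaced by `require('node-esapi').encoder().encodeForHTML`, and the point of the example is the placement of the call: at output time, chosen per context, rather than on input.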



Project Coverage

Our SAST process covers all critical components of our software applications, including frontend, backend, and API layers.


Screenshot 2: Snyk projects



Conclusion

We have implemented a SAST process covering our software applications. Through periodic automated testing with Snyk, we identify and remediate potential security vulnerabilities early in the development process. The XSS issue fixed during early development demonstrates the effectiveness of our SAST process in maintaining application security.


