VUSC – the Code Scanner

Scan software, detect vulnerabilities

Is the software to be purchased for your own company secure? Is the work of the external software developer error-free? Is the app you developed yourself really secure? VUSC answers these questions quickly. The file to be examined is simply loaded into the scanner by drag and drop, and a few minutes later VUSC displays the result of the security check. The Fraunhofer scanner does not need the source code for this, nor does the software being checked have to be sent to external servers.

Finding and assessing vulnerabilities

VUSC finds security vulnerabilities and provides a generally intelligible description of the problem for each vulnerability. In addition, VUSC automatically classifies the vulnerabilities. This allows users to see at a glance whether the vulnerability found represents a high, medium or low risk. This clear prioritization allows VUSC users to fix the most serious issues first. In addition, VUSC provides a wealth of detailed information on the vulnerabilities found: What data is affected? Where is the data being sent to? What type of encryption does the tested software use? This gives VUSC users an overview of specific risk factors. If necessary, Fraunhofer also adapts the scanner to company-specific security requirements.

VUSC supports companies in …

  • the security evaluation of third-party code
  • quality assurance in software development
  • the evaluation of open source products
  • compliance / data protection analyses (GDPR/DSGVO)
  • risk management
  • due diligence

Who is VUSC suitable for?

  • decision makers in IT departments
  • corporate security teams (CERT/SOC)
  • software developers
  • app store / app shop operators

Supported platforms

  • Android apps
  • iOS apps
  • Java:
    • Java programs
    • Java Webstart applications
    • Java Enterprise applications

Our services

  • on-site installation (on premises)
  • hosted service on request
  • flexible license model (volume tiers, free verification scan after fixes, etc.)
  • customized security analysis: company-specific requirements can be integrated into the scanner
  • senior-level support (direct access to expert know-how)
  • specific advice on the elimination of flaws and vulnerabilities

Which vulnerabilities does VUSC detect?

VUSC, the code scanner, currently detects about 200 vulnerabilities in the following categories:

  • Insecure cryptography
  • Insecure network connections
  • Passwords and secrets in application code
  • Insecure storage of files
  • Insecure use of databases
  • Insecure communication between processes
  • Insecure use of log files
  • Insecure third-party libraries
  • Insecure configuration and use of permissions
  • Unified user interfaces
  • Insecure reload of code at runtime
  • Quality defects in the application code
  • Insecure code signature