

Thanks to sophisticated development tools and practices that have emerged in recent years, application teams are producing code faster than ever. The downside is that the shorter release cycles become, the less time is left to check for potential security flaws.
ShiftLeft Inc. has taken it upon itself to address the challenge. The startup, which operates out of Santa Clara, California, exited stealth mode today with a security platform that can identify the weak points in an application and implement appropriate defenses.
The process starts during the development phase. ShiftLeft scans new code before release to find open-source components implemented in an insecure way, flaws that may expose application data and other common types of vulnerabilities. The platform can be configured to look for more subtle problems as well, such as code that violates a specific industry’s regulatory standards.
ShiftLeft brings positive hits to developers’ attention via automatically generated alerts. If a security issue doesn’t get fixed before the affected code is released, the second component of the startup’s platform takes up the torch.
The software creates what ShiftLeft calls a Microagent to protect the application in production. It’s a security shield that is automatically customized based on vulnerabilities found in the source code, the way data flows through the workload and other operational details. The Microagent uses this information to identify attacks that try to exploit potential application weaknesses.
When a breach attempt is detected, ShiftLeft not only finds what vulnerability the hackers target but also pinpoints the specific lines of faulty code responsible for the problem. The startup said removing the need to find the source of a security hole manually enables development teams to come up with fixes faster. From there, the software makes it possible to check every subsequent application release for new vulnerabilities.
ShiftLeft’s approach is backed by $9.3 million in funding. The capital was provided by a consortium featuring Bain Capital, Mayfield and several individual investors, including Sanjay Poonen, chief operating officer of data center software giant VMware Inc.
ShiftLeft is one of several companies working to help development teams better uphold application security. Another is Checkmarx Ltd., which has developed a tool called AppSec Coach that can point out code vulnerabilities and educate programmers on how to avoid repeating their mistakes in the future.