Dynatrace introduces automatic vulnerability management for PHP

Dynatrace expands its Application Security module to include automated, AI-based risk assessment and vulnerability management for applications running on PHP, the open source server-side programming language widely used in web development. By automatically identifying the most critical vulnerabilities and providing code-level detail and prioritization based on business impact, DevSecOps teams can manage threats and reduce business risk.
The open source PHP scripting language is used by over 78% of all websites that use a server-side programming language. PHP is widely used in web development by leading social media companies, content management systems, and video conferencing brands. It ranks eighth in terms of GitHub pull request statistics. Due to the widespread adoption and rich ecosystem of PHP libraries available, all types of security vulnerabilities can be found in PHP applications.
Security teams struggle with manual approaches and lack execution information
Apps are a common source of security vulnerabilities but the prevalence of cloud-native, open-source, third-party libraries, and container runtime environments makes managing modern IT environments complex. False positives and false negatives have a huge impact on overall security, making it difficult to secure and update entire software stacks.
Many application security products were designed before the rise of DevSecOps, containers, Kubernetes, and multicloud environments and therefore cannot keep up with the rapid changes in these environments. As a result, security teams are grappling with:
- Manual processes: installation, configuration and invocation. Lack of automation to keep pace with dynamic clouds and rapid software development practices.
- Scaling issues: As organizations evolve, so must security. But existing solutions don’t always keep up with multi-version deployments, runtime container updates, or rollbacks. They also fail to aggregate real-time information across multi-cloud, hybrid clouds, containers, and Kubernetes clusters.
- Lack of context: Most vulnerability scanners do not provide execution context or key information, such as whether the vulnerable code is being used at runtime. Comprehensive context, including application dependencies, network topologies, and business risk assessment based on vulnerabilities, exposures, and asset value, is required to manage software risk at scale.
Minimize security risks with automated software vulnerability management
Dynatrace takes a radically different approach to application security based on the notion that security based on a software intelligence platform can deliver superior results for cloud native applications. Unlike other solutions, Dynatrace Application Security is part of the larger Dynatrace software intelligence platform, which provides application and microservice monitoring, infrastructure monitoring, digital experience management, business analysis and cloud automation.
The Dynatrace Application Security module is optimized for modern cloud native environments and automatically detects and prioritizes vulnerabilities that pose the greatest risk to an organization using core Dynatrace platform technologies such as OneAgent, Smartscape, and Davis AI.
Automatic security of PHP applications with Dynatrace
Starting with Dynatrace version 1.225 and OneAgent version 1.207, you can detect runtime vulnerabilities and assess risk on Java, Node.js, .NET and now PHP on a single platform. Automated runtime vulnerability management is provided throughout the software development lifecycle from preproduction to production for every operating environment, including dynamic multiclouds and Kubernetes clusters.
Vulnerabilities detected for .NET, Node.js and the Laravel framework for PHP, all on a single platform.
The Dynatrace Davis AI engine aggregates vulnerability data in real time and recommends actions to improve the security of your environment based on:
- Number of vulnerabilities: across the whole stack, all on one platform
- Severity: based on the CVSS assessment of each vulnerability and runtime information
- Context: information on known public exploits for each vulnerability
- Asset exposure: indicates the exposure of the vulnerable code to the Internet
- Impact on business: shows the connection of processes to sensitive data
How to start
The Dynatrace Application Security module does not require any additional deployment, configuration, agents or scripts, and it is 100% automatic.