Secure code generation tool — Introducing Vanth Security

Alejandro Rueda
VanthSecurity
Mar 21, 2021

Programming a safer world

Over the years, more and more companies have started taking secure development into account, but a large percentage of developers still do not consider the main vulnerabilities found in applications from the beginning, due to lack of time or lack of knowledge.

What is Vanth Security?

Vanth Security is a cybersecurity tool designed for developers and cybersecurity analysts. It enables the development of secure applications through its code generation and modelling technology, which is easily integrated into the software development cycle.

Its value proposition is based on a cybersecurity tool capable of preventing, analysing and solving vulnerabilities in a customized way, thanks to code generation and modelling, saving time and costs.

How does Vanth Security work?

Vanth Security is a project that started to be developed at the beginning of January 2020 in response to the need for a tool that focuses on the prevention, detection and analysis of vulnerabilities.

It focuses on the first development phase of the secure software lifecycle. Vanth Security modelling, the first of several products, focuses on the early design and development phases of functional testing, offering developers the possibility to develop the foundations of any software in the most popular languages.

Developers will be able to download the code by generating the selected front-end and back-end language separately. Starting from the generation of a secure core, the developer will be able to continue programming and customising the application code.

What components will you find in Vanth?

  • User management

Centralises all user and resource management for the project. It contains all the necessary functions to guarantee authentication, in addition to the identifier and password attributes. Adding this entity ensures that only those with permissions can access the resources.

  • Entity

An entity represents a person, an object, etc. within a database, and contains a number of attributes or properties. For properties, you can indicate whether you want them to be encrypted, for cases that contain sensitive data. Each entity has its corresponding CRUD functions, taking into account its relationships (OneToOne, OneToMany and ManyToMany). Its representation is easy and intuitive, and it visually displays the properties and attributes that make up the entity.

  • Roles

Based on the entity-relationship model, each role shows the role it plays in an entity. That is, it defines the functions within each project.

Each role has specific permissions for each entity, which can be related in an intuitive and easy way by selecting the entity that corresponds to each permission on the right-hand side of the screen.

As we mentioned before talking about entities, once you create the entities, you can assign roles to the entity and apply them to the whole project.

  • Code Generation

Once you have made the design of your application, you have created the core from which your software will start. Vanth Security offers the possibility to generate the code of your application, both the front-end and the back-end, and you can select the language you want for each part separately. In a few seconds you have the generated code and can modify it to your taste. (Currently we support some of the most used languages; adding more is among our next steps.)

We use technologies and rules that we have developed, in order to be able to easily adapt the code generation to various programming languages.

  • Security testing

For the tool, security is the most important aspect, so we add a layer of value to the code generated by Vanth Security by adding security unit tests. These tests help to detect whether the application is working properly and ensure that what is being developed complies with the security standards during the development phase. For example, when the code is generated in PHP, the security unit tests are generated in PHPUnit. The tests check aspects such as the following:

- Code Injections

- SQL Injection

- Access to resources without permissions

- Performing actions without permissions

- Correct authentication of users

- Checking if data is encrypted

The number of unit tests will grow, and each of the entities has certain tests associated with it.
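To show what security unit tests of this kind can look like, here is an added example (not output of Vanth Security and not code from the original article), written with Python's `unittest` instead of PHPUnit. The `customer` entity, the role names and the permission table are assumptions made for the illustration; the tests cover the SQL injection and permission checks from the list above.

```python
import sqlite3
import unittest

# Constructed sample data throughout: role table, entity and rows are hypothetical.
PERMISSIONS = {
    "admin": {"customer": {"read", "delete"}},
    "viewer": {"customer": {"read"}},
}

class Forbidden(Exception):
    """The role lacks the requested permission on the entity."""

def authorize(role, entity, action):
    if action not in PERMISSIONS.get(role, {}).get(entity, set()):
        raise Forbidden(f"{role!r} may not {action} {entity}")

def find_customers(db, role, name):
    authorize(role, "customer", "read")
    # Bound parameter: the input is handled as data, never as SQL text.
    return db.execute("SELECT id, name FROM customer WHERE name = ?", (name,)).fetchall()

def delete_customer(db, role, customer_id):
    authorize(role, "customer", "delete")
    db.execute("DELETE FROM customer WHERE id = ?", (customer_id,))

class CustomerSecurityTests(unittest.TestCase):
    def setUp(self):
        self.db = sqlite3.connect(":memory:")
        self.db.execute("CREATE TABLE customer (id INTEGER PRIMARY KEY, name TEXT)")
        self.db.executemany("INSERT INTO customer (name) VALUES (?)", [("alice",), ("bob",)])

    def test_injection_string_matches_no_rows(self):
        self.assertEqual(find_customers(self.db, "admin", "' OR '1'='1"), [])

    def test_action_without_permission_is_rejected(self):
        with self.assertRaises(Forbidden):
            delete_customer(self.db, "viewer", 1)
        rows = self.db.execute("SELECT COUNT(*) FROM customer").fetchone()[0]
        self.assertEqual(rows, 2)  # nothing was deleted

    def test_unknown_role_cannot_read(self):
        with self.assertRaises(Forbidden):
            find_customers(self.db, "guest", "alice")

def run_security_tests():
    suite = unittest.defaultTestLoader.loadTestsFromTestCase(CustomerSecurityTests)
    return unittest.TextTestRunner(verbosity=0).run(suite)

if __name__ == "__main__":
    run_security_tests()
```

If `find_customers` were changed to build its query by string concatenation, the first test would fail because the quoted input would then match every row.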

  • In the cloud

Create your project from the cloud, share it with your team and generate secure code saving time and money.

  • User-friendly interface

The design is in phase 0.0.1. With it, we aim to facilitate the work of developers.

  • JWE authentication

With one click, it generates the authentication of the application, which is one of the fundamental pillars of security, preventing any cybercriminal from carrying out actions for which he/she does not have permission.

Next steps:

- Connect it to GitHub.

- New languages.

- New components.

- New authentications.

In the next article I will go in depth into the code that the tool generates.

If you are interested and would like to test the tool or be part of the team:

https://vanthsec.com/

https://es.linkedin.com/company/vanthsec

Alejandro Rueda
VanthSecurity

Application Security | Software Engineer | Researcher