Application Security Testing
Static Application Security Testing (SAST) tools have limitations when applied to APL code:
APL Code: APL (Analysis Programming Language) is proprietary to MediationZone (MZ) and is tailored to its environment. Because of this specialized nature, SAST tools are not equipped to analyze APL code effectively.
Sandboxed Design: APL code is designed to operate within a sandboxed environment. It does not create threads or initiate external connections unless it explicitly uses the built-in APL functions for integrating with third-party databases. This architecture minimizes potential security vulnerabilities related to concurrent processing and unauthorized external communications; the database integrations are the one exception, so they are the part of APL code that warrants manual review.
Recommended Security Measures
While SAST tools may not be suitable for scanning APL code directly, we recommend the following security practices:
Common Vulnerabilities and Exposures (CVE) Security Scanning
Focus on scanning third-party libraries and dependencies that your MediationZone environment uses.
Directories to Scan:
Navigate to the MZ_HOME directory and target the following sub-directories for your Software Composition Analysis (SCA) scans:
lib
Common/lib
3PP
pico-cache (Most runtime JARs are located here)
By scanning these directories you can identify and mitigate potential risks from third-party components. Confirm that every directory listed above actually exists in your installation and was covered by the scan; a scan that silently skipped pico-cache has not covered most of the runtime JARs.
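The directory walk described above, as an added example that is not DigitalRoute's code or part of MediationZone: it inventories the JARs under the four sub-directories named on this page, records a SHA-256 and the Implementation-Title/Implementation-Version manifest attributes for each (the standard JAR manifest fields most SCA tools match on), flags JARs that carry no version metadata so they can be matched by hash instead, and reports any listed directory that is missing rather than silently skipping it. The sample MZ_HOME tree it builds, the JAR names and versions in it, and the nested pico-cache sub-folder are constructed for the demo and are not a real installation layout.

```python
"""Inventory JARs under an MZ_HOME tree as input for an SCA / CVE scan.

Added example for this page, not DigitalRoute code. Only the four
sub-directory names come from the page; the sample tree is constructed.
"""
import hashlib
import json
import tempfile
import zipfile
from pathlib import Path

# Sub-directories named on the page; pico-cache holds most runtime JARs.
SCAN_DIRS = ("lib", "Common/lib", "3PP", "pico-cache")
MANIFEST = "META-INF/MANIFEST.MF"


def manifest_fields(jar_path):
    """Read Implementation-Title/-Version from the JAR manifest, if present."""
    fields = {"Implementation-Title": None, "Implementation-Version": None}
    try:
        with zipfile.ZipFile(jar_path) as zf:
            if MANIFEST not in zf.namelist():
                return fields
            text = zf.read(MANIFEST).decode("utf-8", "replace")
    except zipfile.BadZipFile:
        return fields  # not a valid archive; still inventoried by hash below
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key in fields:
            fields[key] = value.strip()
    return fields


def sha256_file(path):
    """Stream the file through SHA-256 so large JARs are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def inventory_jars(mz_home):
    """Walk the page's four directories; return (entries, missing_dirs).

    A directory that does not exist is reported, not skipped: an SCA run that
    never saw pico-cache has not covered the runtime JARs.
    """
    root = Path(mz_home)
    entries, missing = [], []
    for sub in SCAN_DIRS:
        base = root / sub
        if not base.is_dir():
            missing.append(sub)
            continue
        for jar in sorted(base.rglob("*.jar")):
            meta = manifest_fields(jar)
            entries.append({
                "path": jar.relative_to(root).as_posix(),
                "sha256": sha256_file(jar),
                "title": meta["Implementation-Title"],
                "version": meta["Implementation-Version"],
            })
    return entries, missing


def unidentified(entries):
    """JARs without a manifest version: match these by hash in the SCA tool."""
    return [e["path"] for e in entries if e["version"] is None]


def build_sample_mz_home():
    """Constructed stand-in for an MZ_HOME tree (not a real installation)."""
    root = Path(tempfile.mkdtemp(prefix="mz_home_sample_"))

    def make_jar(rel, title=None, version=None):
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        with zipfile.ZipFile(path, "w") as zf:
            if title:
                zf.writestr(MANIFEST, "Manifest-Version: 1.0\n"
                            f"Implementation-Title: {title}\n"
                            f"Implementation-Version: {version}\n")
            zf.writestr("placeholder.class", b"")

    make_jar("lib/example-lib-1.2.3.jar", "example-lib", "1.2.3")
    make_jar("pico-cache/0a1b2c/example-runtime-4.5.jar", "example-runtime", "4.5")
    make_jar("3PP/vendor-bundle.jar")  # no manifest metadata: hash lookup only
    # Common/lib is deliberately absent to exercise the missing-directory report.
    return root


def demo_report():
    """Build the sample tree, inventory it and return the report as a dict."""
    found, absent = inventory_jars(build_sample_mz_home())
    return {"jars": found, "missing_dirs": absent,
            "needs_hash_lookup": unidentified(found)}


if __name__ == "__main__":
    print(json.dumps(demo_report(), indent=2))
```

Point `inventory_jars` at a real MZ_HOME instead of the sample tree and feed the resulting JSON (or just the path and SHA-256 columns) to whichever SCA tool you use; the `missing_dirs` and `needs_hash_lookup` lists are the two places a scan most often gives false assurance.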
Dynamic Application Security Testing (DAST)
Schedule regular DAST scans to evaluate the runtime behavior of your deployment. This helps identify and address vulnerabilities that static analysis alone cannot detect. DAST scans simulate external attacks against your running applications, providing insight into how your system withstands real-world threats.
Additional Support
Starting with MediationZone version 9, DigitalRoute can provide SAST reports on request. If you require a detailed SAST analysis of specific components or have other security-related questions, please contact our support team.