Dynatrace introduces automatic vulnerability management for PHP open source scripting language

Dynatrace extends its Application Security module to include automated and AI-powered risk assessment and vulnerability management for applications running on PHP, the open-source, server-side programming language that's widely used in web development. By automatically identifying the most critical vulnerabilities and providing code-level detail and prioritization based on business impact, DevSecOps teams can manage threats and reduce enterprise risk.

The open-source scripting language PHP is used by over 78% of all websites that use a server-side programming language. PHP is widely used in web development by prominent social media companies, content management systems, and video teleconferencing brands. It ranks eighth in terms of GitHub pull requests statistics. Due to the widespread adoption and rich ecosystem of available PHP libraries, all types of security vulnerabilities can be found in PHP applications. This makes vulnerability management a critical concern.

Security teams struggle with manual approaches and lack runtime insights

Applications are a common source of security breaches but the prevalence of cloud-native architectures, open source, third-party libraries, and container runtime environments makes the management of modern IT environments complex. False positives and false negatives drastically impact the overall security posture, making it difficult to keep entire software stacks secure and up to date.

Many application security products were designed before the rise of DevSecOps, containers, Kubernetes, and multicloud environments and so can’t keep up with rapid changes in these environments. As a result, security teams struggle with:

• Manual processes—installation, configuration and invocation. Lack of automation to keep pace with dynamic clouds and rapid software development practices.
• Scaling issues—as organizations scale, security must do the same. But existing solutions don’t always keep up with multi-version deployments, runtime container updates or rollbacks. They also fail to aggregate real-time information across multi-cloud, hybrid cloud environments, containers, and Kubernetes clusters.
• Lack of context—most vulnerability scanners don’t provide runtime context and key information like whether vulnerable code is used at runtime. Full context, including application dependencies, network topologies, and assessment of business risk based on vulnerabilities, exposures, and asset value are needed to manage enterprise-wide software risks.

Minimize security risks with automated software vulnerability management

Dynatrace takes a radically different approach to application security based on the notion that security built on a software intelligence platform can deliver superior results for cloud-native apps. Unlike other solutions, Dynatrace Application Security is part of the larger Dynatrace Software Intelligence Platform, which provides application and microservices monitoring, infrastructure monitoring, digital experience management, business analytics, and cloud automation.

The Dynatrace Application Security module is optimized for modern cloud-native environments and automatically detects and prioritizes those vulnerabilities that represent the greatest risk to an organization using core Dynatrace platform technologies such as OneAgent, Smartscape, and the Davis AI.

Automatic PHP application security with Dynatrace

Starting with Dynatrace version 1.225 and OneAgent version 1.207, you can detect runtime vulnerabilities and assess risks across Java, Node.js, .NET, and now PHP—all on a single platform. Automated runtime vulnerability management is provided across the entire software development lifecycle, from preproduction to production for every operating environment, including dynamic multiclouds and Kubernetes clusters.

The Dynatrace Davis AI engine aggregates vulnerability data in real time and recommends actions to improve the security of your environment based on:

• Number of vulnerabilities—across the full stack, all on a single platform
• Severity—based on the CVSS rating of each vulnerability and runtime information
• Context—information about known public exploits for each vulnerability
• Asset exposure—indicates exposure of the vulnerable code to the internet
• Business impact—shows the connection of processes to sensitive data

How to get started with PHP vulnerability management

The Dynatrace Application Security module requires zero additional deployment effort, configuration, agents, or scripts, and it’s 100% automatic.

• If you’re already a Dynatrace customer and would like to start using the Application Security module, go to the Dynatrace web UI and select Vulnerabilities in the menu.
• For more information about Dynatrace Application Security, see Dynatrace Application Security.
• To learn more about security risks that may affect your organization, read the blog post Dynatrace Application Security protects your applications in complex cloud environments.
• New to Dynatrace? Sign up for a fully-functional free trial.