How It Works

HoundDog.ai’s scanner does not include secret detection (e.g., exposed passwords, API tokens, etc.), a feature available in most security code scanners.

• Continuously detect and prevent the exposure of PII data in plaintext within logs, files, tokens, cookies, and third-party systems. These vulnerabilities are overlooked by SAST scanners due to their inability to identify code logic that handles sensitive data, and have been the root cause of significant data breaches, leading to the exposure of cleartext passwords, password hints, and PII data for millions of records. Here is a sample of the vulnerability types covered by HoundDog.ai.
  • CWE-201: Information Exposure Through Sent Data
  • CWE-209: Information Exposure Through an Error Message
  • CWE-312: Cleartext Storage of Sensitive Information
  • CWE-313: Cleartext Storage in a File or on Disk
  • CWE-315: Cleartext Storage of Sensitive Information in a Cookie
  • CWE-532: Insertion of Sensitive Information into Log File
  • CWE-539: Use of Persistent Cookies Containing Sensitive Information
• Apply a proactive “shift-left” approach to privacy compliance and third-party application data flow tracking
  • Continuously track and visualize the flow of sensitive data (e.g., PII, PIFI, and PHI). Generate Records of Processing Activities (RoPA) with a few clicks and keep pace with PII changes at the speed of development.
  • Receive proactive alerts to avoid surprises caused by product changes introducing new PII without proper reviews or by third-party integrations that violate accepted data processing agreements. Catch these issues in development to avoid dealing with the more expensive repercussions when discovered later in production.

HoundDog.ai’s scanner includes an extensive library of predefined definitions for sensitive data, encompassing most PII, PIFI, and PHI data. However, for more comprehensive coverage, customers have the option to enable AI validation. Our AI workflow utilizes OpenAI, processing only the discovered tokens (e.g., names of classes, variables, functions, methods, etc.) to determine if they potentially handle sensitive data. The precision rate based on our testing against a large number of code repositories was on average around 95%.