The Threat Stack AppSec Monitoring runs as a “micro-agent” to watch code as it executes. It sends critical telemetry to the Threat Stack platform, which notifies developers if it finds secure-coding mistakes — for example, the use of weak cryptography — and will provide explanations and code examples for fixing them. Once embedded into the codebase, the agent stays with the app throughout its lifecycle.
In a production environment, Threat Stack Application Security Monitoring watches application payloads for malicious behavior. With its full application context, AppSec Monitoring can block attacks, like cross-site scripting and injection attacks, in real time and with high precision.