
Static Code Analysis – Checkmarx

Checkmarx

Checkmarx - Choose what developers use

According to a recent study conducted by 7Safe on 64 real incidents, 86% of cyber attacks are performed on applications versus networks while only 11% of security spending is geared towards application hardening.

Applications are only marginally protected by application firewalls. Methods such as vulnerability detection by Dynamic Testing, which simulate attacks against the running application, cannot identify all the problems, nor can they show how to fix them.

It comes as no surprise that Gartner’s 2011 Magic Quadrant for Static Application Security Testing (SAST) states that, “SAST should be considered a mandatory requirement for all IT organizations that develop or procure application”.

WHY STATIC CODE ANALYSIS?

Static code analysis (SCA) delivers security and meets the requirement of incorporating security into the software development lifecycle (SDLC). It is the only proven method to cover the entire code base and identify all the vulnerable patterns, using static code analysis tools. In static code analysis the entire code base is abstracted and all code properties and code flows are exposed. Checkmarx goes beyond all other static code analysis tools and stores all these code properties in an open, queryable database.

Cyber attacks have certain identifiable patterns and fingerprints. A secure SDLC process integrates static code analysis in order to match suspicious patterns against code properties. Auditors and developers have immediate access to the problem and can mitigate it easily.

Checkmarx innovated an open platform built on static code analysis, overcoming many shortcomings of other static code analysis tools. We provide a user-friendly, highly productive, flexible and accurate risk intelligence platform.

Features


Fluent in All Major Languages

  • Supports 20 coding and scripting languages and their frameworks
  • Coverage for the latest development technologies
  • Zero configuration to scan any language

Comprehensive Vulnerability Coverage

  • Identifies hundreds of known code vulnerabilities
  • Ensures coverage of security standards (OWASP Top 10, SANS 25 and more)
  • Addresses industry compliance regulations

Save Precious Remediation Time

  • Unique “Best Fix Location” algorithm fixes multiple vulnerabilities at a single point
  • Any developer can do it
  • Tons of time saved for developers!

Effortless Scan = Ease of Use

  • No complex command-line or wizards required
  • No dependencies need to be configured
  • No learning curve when switching between languages
  • Just throw code at it!

Fast Feedback Loop

  • Incremental scan capability only analyzes new code or modified code
  • Reduces scanning time by more than 80%
  • Ideal for continuous integration

Provable Results

  • Provides reasoning and proof with all results
  • Shows the underlying Scan Rule to provide root cause
  • Enabled by the Checkmarx Open Scan Engine

Flexible Rules = High Accuracy

  • Adapt the rule set to your proprietary code and minimize False Positives
  • Expand the rules to your own compliance requirements and coding best practices
  • Understand the root cause for each result

Automatically Enforce Your Security Policy

  • Seamlessly integrates with all IDEs, build management servers, bug tracking tools and source repositories
  • Becomes an integral part of the SDLC
  • Aligns security testing with quality testing

No Developer Downtime

  • Scan on server instead of developer’s workstation
  • No slowdown or lockup while scans are running
  • Developers can continue working on their machines with no interruption

Open Source Analysis

  • Inventory: which open source components are used?
  • Security: which known open source vulnerabilities exist and how to fix them
  • Legal: ensure open-source license usage compliance