Scan uncompiled / unbuilt source code and get a detailed report of the security vulnerabilities it contains.
Checkmarx is a Static Application Security Testing (SAST) tool that helps you find security flaws, quality issues, compliance violations and more, early in development or during later testing, with support for a variety of programming languages and frameworks.
Supported languages: APEX, ASP, Android, C/C++, C#/.NET, Groovy, HTML5, Java, JavaScript, Objective-C, Perl, PHP, PL/SQL, Python, Ruby, Visual Basic 6.0, VB.NET.
CX Suite
Checkmarx CxSuite is a highly accurate and flexible source code analysis product that lets organizations automatically scan uncompiled / unbuilt code and identify hundreds of types of security vulnerabilities in the most prevalent programming languages. Because it works on source rather than on build artifacts, a scan can run before the code is compilable at all.
CxSuite is available as a standalone product, but it can also be integrated into the SDLC to streamline the detection and remediation process.
It is available on-premise, or on-demand as a private or public cloud service.
CxSuite is trusted by hundreds of the world's largest software vendors, financial and government organizations and top consultancy firms.
SDLC Integration
Checkmarx enables organizations to integrate static application security testing into their SDLC.
It integrates with the most common source repositories, build servers and bug tracking tools, and has plugins for the major IDEs. It also offers a comprehensive web-service-based API to support additional integrations.
The benefits of a fully integrated SAST model are:
- The security team focuses on setting the policy and uses Checkmarx to enforce it automatically.
- Quickly testing recently added code means findings are remediated while the change is still fresh in the developer's mind. This significantly reduces cost and avoids having to deal with a backlog of vulnerabilities close to the release date.
Checkmarx SAST results can be combined with those of other commercial and open source static and dynamic tools through aggregators such as Code Dx or ThreadFix.
Supported Vulnerabilities
- SQL injection
- Cross-site scripting
- Code injection
- Buffer overflow
- Parameter tampering
- Cross-site request forgery
- HTTP response splitting
- Log forgery
- Denial of service (DoS)
- Session fixation
- Session poisoning
- Unhandled exceptions
- Unreleased resources
- Unvalidated input
- URL redirection (open redirect)
- Dangerous file upload
- Hardcoded password
- And more…
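To make concrete what a source-level scanner looks for in two of the categories above (SQL injection via dynamically built queries, and hardcoded passwords), here is a small added example in Python. It is an illustration written for this page, not Checkmarx's analysis engine, and the source it scans is constructed. Like a SAST tool it needs no build: it parses the program text directly, treats `.execute()` as the sink, and flags a query built by `+` concatenation, `%` formatting, `.format()` or an f-string, while leaving a parameterized query alone. The secret check flags a string literal assigned to a name that looks like a credential (the name list and SQL keyword list are assumptions of this example).

```python
"""Tiny source-level checker, added as an illustration of what a SAST scan
looks for in two of the categories above (SQL injection built by string
concatenation, hardcoded passwords). It is not Checkmarx's engine and it
needs no build: it parses the text of the code directly."""
import ast

# Constructed sample to scan; not taken from any real project.
SAMPLE_SOURCE = '''
import os
import sqlite3

DB_PASSWORD = "hunter2"                      # literal secret: should be flagged
ADMIN_TOKEN = os.environ.get("ADMIN_TOKEN")  # read at runtime: should not

def find_user(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = '" + username + "'")
    return cur.fetchall()

def delete_session(conn, session_id):
    conn.execute(f"DELETE FROM sessions WHERE id = {session_id}")

def find_user_safe(conn, username):
    cur = conn.cursor()
    cur.execute("SELECT * FROM users WHERE name = ?", (username,))
    return cur.fetchall()
'''

# Assumed heuristics for this example; a real engine uses taint tracking.
SQL_PREFIXES = ("select ", "insert ", "update ", "delete ")
SECRET_WORDS = ("password", "passwd", "secret", "api_key", "token")


def _is_sql_literal(node):
    """A string constant that starts with a SQL keyword."""
    return (isinstance(node, ast.Constant) and isinstance(node.value, str)
            and node.value.lower().lstrip().startswith(SQL_PREFIXES))


def _builds_sql_dynamically(node):
    """True if a SQL literal is combined with other values at runtime:
    '+' concatenation, '%' formatting, str.format() or an f-string."""
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Add, ast.Mod)):
        return _is_sql_literal(node.left) or _builds_sql_dynamically(node.left)
    if isinstance(node, ast.JoinedStr):  # f-string
        return (any(_is_sql_literal(v) for v in node.values)
                and any(isinstance(v, ast.FormattedValue) for v in node.values))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):
        return _is_sql_literal(node.func.value)
    return False


def scan(source):
    """Return sorted (line, category) findings for the given Python source."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        # Sink: any .execute()/.executemany() call whose query is built dynamically.
        if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
                and node.func.attr in ("execute", "executemany")
                and node.args and _builds_sql_dynamically(node.args[0])):
            findings.append((node.lineno, "SQL Injection"))
        # Secret-looking name assigned a non-empty string literal.
        if (isinstance(node, ast.Assign) and len(node.targets) == 1
                and isinstance(node.targets[0], ast.Name)
                and any(w in node.targets[0].id.lower() for w in SECRET_WORDS)
                and isinstance(node.value, ast.Constant)
                and isinstance(node.value.value, str) and node.value.value):
            findings.append((node.lineno, "Hardcoded password"))
    return sorted(findings)


if __name__ == "__main__":
    for line, category in scan(SAMPLE_SOURCE):
        print(f"line {line}: {category}")
```

Running it reports the literal password on line 5 and the two dynamically built queries on lines 10 and 14 of the sample, and says nothing about the parameterized query or the token read from the environment. A commercial engine goes much further (tracking data from a request parameter through assignments and calls to the sink, across files and frameworks), but the source-to-sink idea is the same.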
Supported Standards
- OWASP Top 10 2013
- OWASP Mobile Top 10
- SANS Top 25
- PCI DSS
- HIPAA
- MITRE CWE
- And more …