No Security Software works sitting on the shelf
The best security software in the world isn't going to protect you from attacks if it's collecting dust on the shelf months after you bought it. An absolute prerequisite for any application security testing program to work is developers' adoption.
Fluent in All Major Languages
Checkmarx Static Code Analysis supports 20 coding and scripting languages and their frameworks
Coverage for the latest development technologies
Zero configuration to scan any language
Comprehensive Vulnerability Coverage
Identifies hundreds of known code vulnerabilities
Ensures coverage of security standards (OWASP Top 10, SANS 25 and more)
Addresses industry compliance regulations
Save Precious Remediation Time
Unique “Best Fix Location” algorithm of CxSAST static code analysis fixes multiple vulnerabilities at a single point
Any developer can do it
Tons of time saved for developers!
Effortless Scan = Ease of Use
No complex command-line or wizards required
No dependencies need to be configured
No learning curve when switching between languages
Just throw code at it!
Fast Feedback Loop
Incremental scan capability only analyzes new code or modified code
Static code analysis reduces scanning time by more than 80%
Ideal for continuous integration
Provable Results
Provides reasoning and proof with all results
Shows the underlying Scan Rule to provide roof cause
Enabled by Checkmarx Open Scan Engine
Flexible Rules = High Accuracy
Adapt the rule set to your proprietary code and minimize False Positives
Expand the rules to your own compliance requirements and coding best practices
Understand the root cause for each result
Automatically Enforce your Security Policy
Checkmarx Static Code Analysis software seamlessly integrates with all IDEs, build management servers, bug tracking tools and source repositories
Becomes an integral part of the SDLC
Aligns security testing with quality testing
No Developer Downtime
Scan on server instead of developer’s workstation
No slowdown or lockup while scans are running
Developers can continue working on their machines with no interruption
Open Source Analysis
Inventory: which open source components are used?
Security: which known open source vulnerabilities exist and how to fix them
Legal: ensure open-source license usage compliance
EMPOWER DEVELOPERS
AppSec Coach™ helps developers learn and sharpen application security skills in the most efficient way, because it is in-context and available on-demand. AppSec Coach is fully integrated into the CxSAST user interface so when developers encounter a security vulnerability they can immediately activate the appropriate learning session, quickly run through the hands-on training, and get straight back to work equipped with the new knowledge to resolve the problem.
SECURE CODING BEST PRACTICES
Along with the understanding that application security has to start during the development phase of the application comes the need to increase developers secure coding best practices techniques. More often than not, developers lack application security skills.
CONTEXTUAL LEARNING
Existing training solutions are ineffective and slow them from accomplishing their main task – writing code. Even if there is periodic security training, the knowledge gained usually fades over time, rendering the effort ineffective. Contextual training modules allow developers to receive on demand education relevant for their specific challenges.
DIGESTIBLE BITE SIZE TRAINING MODULES
Digestible bite size training modules - Rather than spending a whole day in a classroom, developers can increase their skills using 5 to 10 minutes sessions without leaving their work environment.
PLAY THE HACKER
Interactive – Through hacking and fixing a live demo application, the developer gets an interactive and engaging hands on experience along with a clear explanation on how to correctly fix the relevant vulnerability.
Open Source Analysis: Security Testing
Prevent vulnerabilities such as OpenSSL Heartbleed, Bash ShellShock and many others from impacting your application's security posture.
It is almost impossible today to develop commercial software products without relying substantially on open source libraries and components. Over the past few years, we've seen tremendous growth in the number of software capabilities offered in open source libraries, as well as the number of open source libraries embedded in each software product. However, while using open source components has many benefits, it also requires companies to manage and control the open source components they use, as well as the adoption process itself, to avoid a variety of legal, technical, and security risks.
Checkmarx Open Source Analysis (OSA) allows organizations to manage, control and prevent the security risks and legal implications introduced by open source components used as part of the development effort.
Key Benefits
Centralized Application Security
The only on-premise solution to deliver in-house code and open source components analysis "under the same roof."
Developer Adoption
Checkmarx OSA is designed for developers, by developers, making it accessible and intuitive for its intended audience.
Best of Breed
Wide language support and spot on open source component risk detection with Checkmarx OSA.
?
Protect Your Full Code Portfolio and Operating Systems
Analyzing outdated libraries, making sure licenses are being honored and weeding out any open source components which expose the application to known vulnerabilities, Checkmarx OSA provides complete code portfolio coverage under a single unified solution and with no extra installations or administration required. Rather than frustrating developers with long winded lists within PDF documents, Checkmarx OSA provides developers with a single holistic view of their application portfolio under the same platform.
Fluent in All Common Languages
Checkmarx OSA supports all the most common programming languages, enabling organizations to secure all their open source components in addition to the in-house developed code analysis coverage.
Easy to Use
Enhancing your code portfolio risk assessment coverage is merely a few mouse clicks away. With Checkmarx's Open Source Analysis, there is no need for additional installations or multiple management interfaces.
Simply turn it on and within minutes a detailed report is generated with clear results and detailed mitigation instructions.
Analysis results are designed with the developer in mind. No time is wasted on trying to understand the required actions items to mitigate the detected security or compliance risk.
