Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

[ITAS.VN]CxSuite Enterprise Edition


Published on

Sản phẩm CheckMarx-CxSuite.ITAS VietNam

Published in: Technology
  • Be the first to comment

  • Be the first to like this

[ITAS.VN]CxSuite Enterprise Edition

  1. 1. CxSuiteenterpriSe edition ® manage the risksCheckmarx Suite® is the most powerful Source Code Analysis(SCA) solution designed for identifying, tracking and fixingsecurity flaws from the root: the source code.CxSuite provides a high degree of flexibility andconfigurability by supporting a wide range of vulnerabilitycategories, operating system (OS) platforms, programminglanguages and frameworks. By integrating into the SoftwareDevelopment Life Cycle (SDLC), Checkmarx’s automatic codereview suite allows organizations to address the challenge ofsecuring the code while cutting down on time and costs.checkmarx patented CxSuite iS deSigned for accurate and effective reSultS:virtual compiler • The widest range of vulnerability checksScan unbuilt code - without a compiler • Virtually zero false-positive resultsThe Virtual Compiler enables developers to test code • Hundreds of out-of-the-box security queriesanywhere, anytime, while avoiding problems of compiler • Pinpoints business-logic flawsand operating system compatibility. Developers can test • Integration into the SDLC • Complete verification and tracking of each resultuncompiled and unlinked code, their independent modules • Graphical representation of discovered vulnerabilitiesor any other application subsets in a true developer desktopdeployment that reinforces good security awareness and it’S all aboutpractices as the code is writtenthe next generation of codeauditing accuracy Visualization of vulnerabilities is the key to quickOnly with Checkmarx can auditors test code at the earliest remediation of insecure code. The CxSuite presents all thestages of the SDLC. Further, auditors can easily conduct spot path details that describe the vulnerability’s full anatomy.checks without worrying about duplicating development A sophisticated patented engine locates and graphicallyenvironments. This is especially important for complex presents a full attack path in the code for quick review.legacy applications where auditors can quickly inspect code This feature allows user-friendly, effortless identificationwith no setup. of vulnerable lines of code for remediation.ITAS Corp • Telephone: +84-8-38931952 • Website: • Email:
  2. 2. induStry vulnerability claSSification:OWASP top 10 /SANS 20 / mitre CWEcomprehenSive vulnerability Severity categorization:High-risk / medium-threat / low-visibility / best-coding practice investigate the Scansout of the box vulnerability query SampleS:• SQL Injection • Session fixation• Cross-site scripting • Session poisoning• Code injection • Unhandled exceptions• Buffer overflow • Unreleased resources• Parameter tampering • Unvalidated input• Cross-site request forgery • URL redirection attack• HTTP splitting • Dangerous files upload• Log forgery • Hardcoded password• DoS • And more…CapabilitieS DeSCription anD aDvantageS countleSS Scalability featureS for effective integration into the Sdlc:extremely accurate Virtually zero false-positives provide an • Virtually unlimited project size effective solution to include in the SDLC • Supports all major development languagespatened virtual compiler Scan unbuilt code—without a from multiple OS platforms. compiler • Web services, websites and client-server based applications supportattack flow visualization Each vulnerability attack path is fully • Enforces coding practices and regulatory presented for easy investigation requirements (PCI, HIPAA, SOX, and more...)next generation An intuitive query language is available • Hundreds of out of the box security checks andquery language for tailoring checks to customer needs compliance standardsvulnerability coverage Hundreds of out of the box securitybusiness logic checks suited for every organization Unmatched capability of investigating about checkmarx Checkmarx is the leading provider for source codevulnerability review architectural flaws analysis. Founded in 2006, Checkmarx providescoding practice Customization of queries allows comprehensive solutions for automated security codeenforcement programming policy verification review. Its technology is used by large corporations and small and medium-sized organizations across alluser hierarchy support Extensive user and privilege industries. Checkmarx pioneered the concept of a query management capabilities language-based solution for tracking technical and logical code vulnerabilities, and continues to bring newresults reporting & export Full dashboard report for Projects, innovative solutions to market to fulfill its vision for a Tasks. Export to numerous formats: hacker free world. xml, csv, etc. Integration with ticketing systems Vietnam Partner: ITAS Corpmultitier architecture Manager server, multiple scan engines 459A Nguyen Kiem St.,Ward 9, Phu Nhuan Dist, HCMC, Vietnam and click-once thin clients Phone: 08-38931952 ITAS Corp • Telephone: +84-8-38931952 • Website: • Email: info@ itas. vn