
Source Code Analysis - The Value Of Partial Code Scanning

The presentation used by Maty Siman, the Founder and CTO of Checkmarx, during the webinar that discussed the benefits of being able to scan partial code samples (uncompiled / unbuilt code) as part of a static application security testing solution.

Published in: Technology

  1. Partial Code Scanning: Source Code Analysis For The Masses. Maty Siman, CISSP, Checkmarx CTO
  2. Checkmarx Application Understanding. The slide diagrams three stages: source code enters, it is abstracted into a flow graph, and queries are run against the resulting database ("use queries to pick the brain DB on security, quality & performance"). The example source shown on the slide:

         void main() {
             int j = 0;
             int i = 0;
             while (i < 10) {
                 if (i == 3) {
                     j = j * 2;
                 }
                 j = j + i;
                 i = i + 1;
             }
             printf("%d\n", j);
             printf("%d,\n", i);
         }

     and its abstraction, the flow graph: j=0 -> i=0 -> while (i<10) -> if (i==3) -> j=j*2 -> j=j+i -> i=i+1 -> printf(j) -> printf(i).
  3. Enabler: The Virtual Compiler. Supported inputs: Java, .Net, C, C++, VB/ASP, PHP, Apex, Ruby, Android. The Virtual Compiler (Language Adaptor, Syntax Compensator, Linkage Resolver, Code Enhancer) produces a Common Language Form; the downstream boxes on the slide are the Exhaustive Flow Scanner, the Detection Code & Flow Engine and the Database.
  4. Partial Scanning Enables: Security Testing Throughout The SDLC. Checkmarx patented and revolutionary technology allows reviewing uncompiled code throughout the SDLC. Static analysis tools find defects and design flaws "in phase"; the cost to find/fix a defect during integration/system test is 15-90 times higher than at design/coding, while compiled code scans are very difficult to run (chart annotation beside the Design/Coding phases). [Chart: time & cost across Design, Coding, Code Inspection, Unit Testing, Integration Testing, System Testing, QA and Production: escalating cost to find and fix a defect or design flaw as it is discovered late in the Software Development Life Cycle (IDC, 2005)]
  5. Partial Scan Benefit Summary. Scan source code = Easy setup. Compile unnecessary = Full SDLC. Analyzed for security = High accuracy. Flexible architecture = Scan anytime, anywhere. Try Checkmarx immediately at: www.cxprivatecloud.com
  6. Case Study 1: salesforce.com's Gatekeeper. 135,000 custom applications; a growing community of 200,000 developers; a proprietary scripting language. Diagram labels: "Powered by" (Checkmarx) and "Partner/Customer Source code".
  7. Mandatory certification: salesforce.com. The first on-demand source code analysis tool solely built for a platform as a service.
  8. Case Study 2: Large ISV. Fully Automated Vulnerability Lifecycle.
  9. Case Study 3: Large ISV with ~20,000 customers worldwide (WW). Supports client plug-ins.
  10. Eclipse Plugin: Enables Partial Code Scanning.
  11. Thank you! Maty Siman, CTO, Checkmarx, maty@checkmarx.com. To learn more, please visit www.checkmarx.com
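The "application understanding" step of slide 2 and the compiler-free analysis of slides 3 and 4, as an added example that is not Checkmarx's code or part of the deck: the slide's loop is parsed straight into a statement-level control-flow graph with no compiler or linker involved (the `printf` callee is never resolved), and a reaching-definitions query asks which assignments to a variable can arrive at the `printf` sink without being reassigned, the kind of flow query the slide's database exists to answer. The Python transliteration of the C snippet and all function names are assumptions made for this illustration; it handles while/if/else and not break, try, or calls that might write the variable.

```python
import ast
# Constructed input: the slide's C loop transliterated to Python. printf() is never
# defined or imported; nothing is compiled or linked, so it is simply a named sink.
SOURCE = '''\
def main():
    j = 0
    i = 0
    while i < 10:
        if i == 3:
            j = j * 2
        j = j + i
        i = i + 1
    printf("%d\\n", j)
    printf("%d,\\n", i)
'''
def build_cfg(stmts, cfg, follow=None):
    """Wire stmts back to front into cfg[id] = (stmt, successor ids); return entry id."""
    for stmt in reversed(stmts):                         # follow = node after this one (None = exit)
        nid = len(cfg)
        cfg[nid] = (stmt, set())                         # reserve the id before recursing
        succs = {follow}                                 # default: fall through
        if isinstance(stmt, ast.While):                  # body loops back; exit falls through
            succs.add(build_cfg(stmt.body, cfg, nid))
        elif isinstance(stmt, ast.If):
            succs = {build_cfg(stmt.body, cfg, follow), build_cfg(stmt.orelse, cfg, follow)}
        cfg[nid] = (stmt, succs - {None})
        follow = nid
    return follow
def defines(stmt):                                       # names written by a plain assignment
    return {t.id for t in getattr(stmt, "targets", []) if isinstance(t, ast.Name)}
def sink_reads(stmt, sink, var):                         # is stmt a call `sink(...)` that uses var?
    call = getattr(stmt, "value", None)
    return (isinstance(call, ast.Call) and getattr(call.func, "id", None) == sink
            and any(isinstance(a, ast.Name) and a.id == var for a in ast.walk(call)))
def defs_reaching_sink(var, sink="printf", source=SOURCE):
    """The query: lines of assignments to var that reach a sink(...) reading var unkilled."""
    cfg, hits = {}, set()
    build_cfg(ast.parse(source).body[0].body, cfg)
    for stmt, succs in cfg.values():
        if var not in defines(stmt):
            continue
        seen, frontier = set(), set(succs)               # walk forward from the definition
        while frontier:
            n = frontier.pop()
            seen.add(n)
            if sink_reads(cfg[n][0], sink, var):
                hits.add(stmt.lineno)
            if var not in defines(cfg[n][0]):            # not reassigned here: keep walking
                frontier |= cfg[n][1] - seen
    return hits
```

For the slide's loop, `defs_reaching_sink("j")` reports lines 2 and 7 (the initial `j = 0` and `j = j + i`), while the doubling on line 6 never reaches the sink because `j = j + i` always overwrites it first.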
