1. CxSuite® Enterprise Edition
Manage the risks
Checkmarx Suite® is the most powerful Source Code Analysis
(SCA) solution designed for identifying, tracking and fixing
security flaws from the root: the source code.
CxSuite provides a high degree of flexibility and
configurability by supporting a wide range of vulnerability
categories, operating system (OS) platforms, programming
languages and frameworks. By integrating into the Software
Development Life Cycle (SDLC), Checkmarx’s automatic code
review suite allows organizations to address the challenge of
securing the code while cutting down on time and costs.

Checkmarx patented Virtual Compiler
Scan unbuilt code - without a compiler
The Virtual Compiler enables developers to test code anywhere, anytime, while avoiding problems of compiler and operating system compatibility. Developers can test uncompiled and unlinked code, their independent modules or any other application subsets in a true developer desktop deployment that reinforces good security awareness and practices as the code is written.

CxSuite is designed for accurate and effective results:
• The widest range of vulnerability checks
• Virtually zero false-positive results
• Hundreds of out-of-the-box security queries
• Pinpoints business-logic flaws
• Integration into the SDLC
• Complete verification and tracking of each result
• Graphical representation of discovered vulnerabilities

The next generation of code auditing
Only with Checkmarx can auditors test code at the earliest stages of the SDLC. Further, auditors can easily conduct spot checks without worrying about duplicating development environments. This is especially important for complex legacy applications where auditors can quickly inspect code with no setup.

It's all about accuracy
Visualization of vulnerabilities is the key to quick remediation of insecure code. The CxSuite presents all the path details that describe the vulnerability's full anatomy. A sophisticated patented engine locates and graphically presents a full attack path in the code for quick review. This feature allows user-friendly, effortless identification of vulnerable lines of code for remediation.

ITAS Corp • Telephone: +84-8-38931952 • Website: www.itas.vn • Email: info@itas.vn

2. Industry vulnerability classification:
OWASP Top 10 / SANS 20 / MITRE CWE

Comprehensive vulnerability severity categorization:
High-risk / medium-threat / low-visibility / best-coding practice

Investigate the scans

Out of the box vulnerability query samples:
• SQL Injection
• Cross-site scripting
• Code injection
• Buffer overflow
• Parameter tampering
• Cross-site request forgery
• HTTP splitting
• Log forgery
• DoS
• Session fixation
• Session poisoning
• Unhandled exceptions
• Unreleased resources
• Unvalidated input
• URL redirection attack
• Dangerous files upload
• Hardcoded password
• And more…

Capabilities: description and advantages
• Extremely accurate: Virtually zero false-positives provide an effective solution to include in the SDLC
• Patented virtual compiler: Scan unbuilt code - without a compiler
• Attack flow visualization: Each vulnerability attack path is fully presented for easy investigation
• Next generation query language: An intuitive query language is available for tailoring checks to customer needs
• Vulnerability coverage: Hundreds of out of the box security checks suited for every organization
• Business logic vulnerability review: Unmatched capability of investigating architectural flaws
• Coding practice enforcement: Customization of queries allows programming policy verification
• User hierarchy support: Extensive user and privilege management capabilities
• Results reporting & export: Full dashboard report for Projects, Tasks. Export to numerous formats: xml, csv, etc. Integration with ticketing systems
• Multitier architecture: Manager server, multiple scan engines and click-once thin clients

Countless scalability features for effective integration into the SDLC:
• Virtually unlimited project size
• Supports all major development languages from multiple OS platforms.
• Web services, websites and client-server based applications support
• Enforces coding practices and regulatory requirements (PCI, HIPAA, SOX, and more...)
• Hundreds of out of the box security checks and compliance standards

About Checkmarx
Checkmarx is the leading provider for source code analysis. Founded in 2006, Checkmarx provides comprehensive solutions for automated security code review. Its technology is used by large corporations and small and medium-sized organizations across all industries. Checkmarx pioneered the concept of a query language-based solution for tracking technical and logical code vulnerabilities, and continues to bring new innovative solutions to market to fulfill its vision for a hacker free world.

Vietnam Partner: ITAS Corp
459A Nguyen Kiem St., Ward 9, Phu Nhuan Dist, HCMC, Vietnam
Website: www.itas.vn
Phone: 08-38931952