NII is a value-added reseller for Checkmarx in India. Having worked with a number of static source code analysis vendors, we have been able to derive the maximum value from Checkmarx. Not only does our team implement Checkmarx for clients, but we also use it extensively in all our source code review assignments. Leveraging our existing skillsets in web application security, we are able to deliver high-value engagements for clients encompassing web application security assessments and application security design reviews, combined with source code reviews.
Checkmarx products assist with security testing throughout the Software Development Life Cycle (SDLC), and support the most challenging agile development environments such as continuous integration and continuous deployment. These products support and follow OWASP Top 10, SANS Top 10, PCI DSS, and MISRA C standards.
Why Static Code Analysis?
Static code analysis (SCA) delivers security and meets the requirement of incorporating security into the software development lifecycle (SDLC). It is the only proven method to cover the entire code base and identify all the vulnerable patterns using static code analysis tools. In static code analysis, the entire code base is abstracted and all code properties and code flows are exposed. Checkmarx goes beyond all other static code analysis tools and stores all these code properties in an open and queryable database.
Checkmarx has innovated an open platform using static code analysis to overcome many shortcomings of other static code analysis tools and to provide a user-friendly, highly productive, flexible and accurate risk intelligence platform.
Checkmarx CxSuite® is a powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.
CxSuite provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, OS platforms, programming languages and frameworks. By seamlessly integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and cost.
Only with Checkmarx can auditors test code at the earliest stages of the SDLC. Further, auditors can easily conduct spot checks without worrying about duplicating development environments. This is especially important for inspecting complex legacy applications where auditors can quickly inspect code with no setup.
Capabilities and Advantages of CxSuite
- Extremely accurate
  Virtually zero false positives make it an effective solution to include in the SDLC
- Patented Virtual Compiler
  Scan unbuilt code without a compiler
- Attack flow visualization
  Each vulnerability attack path is fully presented for easy investigation
- Next generation query language
  An intuitive query language is available for tailoring checks to customer needs
- Vulnerability coverage
  Hundreds of out-of-the-box security checks suited for every organization
- Business logic vulnerability review
  Unmatched capability of investigating architectural flaws