Skip to main content
Home
Home

Основная навигация

  • COMPANY
    • About Us
    • Career
    • News
    • Events
    • Partners
    • Contacts
  • VENDORS
  • SOLUTIONS
    • Archiving
    • Data security
    • Fraud prevention
    • IT-infrastructure security
    • Network security
    • Protection against enhanced attacks
    • Secure processing
    • Secure Internet access
    • Video analytics
  • TECHNICAL SUPPORT
  • BECOME A PARTNER
  • FOR VENDORS
  • ru
  • en
search
  • ru
  • en
search
Checkmarx
The solution automates all Application Security Testing processes at each stage of the Software Development Lifecycle: from code writing to retirement and makes each of them more efficient.
  • About the platform887.37 KB
  • SAST443.85 KB
  • IAST1 MB
  • Codebashing671.48 KB
Demo Request

SW application security is as multilevel as all other challenges faced by players in the information security market. Software security should be guarded at each stage of its development – from design to retirement. Checkmarx as a SW integrated platform for application security testing makes all said processes automated and most efficient.

Today the Checkmarx platform consists of 4 modules that can be united and seamlessly embedded into SDLC and SI/CD processes. Each module is used at a certain stage of SW development to write a secure and high quality application.

VULNERABILITY MANAGEMENT STREAMLINING
 
The CxSAST module has unique technical capabilities allowing developers to reduce error correction time. It is a very simple and user friendly solution that does not require any extra costs for administration and provides flexible reporting tools.
APPLICATION MONITORING
 
The CxIAST module is designed for monitoring real time application testing process and capable to detect vulnerabilities in a running application under test. CxIAST is developed for flexible DevOps and CI/CD processes and requires no additional security testing costs which ensures considerable time savings for developers and testers. Unlike obsolete dynamic analysis solutions (DAST), CxIAST does not anyhow hinder the SW development life cycle and performs monitoring not scanning.
SECURE DEVELOPMENT TRAINING
 
The CxCodebashing module represents a new generation of professional interactive on-site secure development trainings. CxCodebashing is a set of interactive training courses that includes lessons on various types of vulnerabilities. Utilizing the cloud based system developers learn the sources and courses of various vulnerabilities, associated risks and remediation methods.
ANALYSIS OF OPEN SOURCE COMPONENTS
 
The CxOSA module is transparently embedded into the development cycle and performs constant monitoring of Open Source components detecting vulnerabilities and offering troubleshooting recommendations. Currently CxOSA is a module of the CxSAST analyzer due to which all data generated by these two solutions are provided in a single window.

Checkmarx

The solution automates all Application Security Testing processes at each stage of the Software Development Lifecycle: from code writing to retirement and makes each of them more efficient.

Advantages

 
Comprehensive platform
Checkmarx is a 4 module software integrated platform designed to analyze application security
 
Over 25 languages
Checkmarx CxSAST support more than 25 coding and scripting languages, scenarios and frameworks
 
Complete vulnerability coverage
CxSAST is capable to detect hundreds of known code vulnerabilities
 
 
«Best Fix Location»
The Best Fix Location CxSAST static analysis algorithm allows for remediation of multiple vulnerabilities at a single point in the code
 
Real time monitoring
CxIAST detects vulnerabilities in running applications under test
 
Open Source Security
CxOSA detects Open Source components and issues remediation recommendations
 
 
Training
CxCodebashing provides on-site secure coding training
 
«Shift left»
Manages vulnerabilities at early development stages!
 
Minimum false positive rate
The Query Language technology allows for a fine tuning and is capable of detecting a vulnerability in a code and business logic errors
More

Cases

Reducing Time for Error Correction

The first step towards a secure application is the static code analysis at the development stage. The CxSAST analyzer is used at the very early stages of the SDLC for the process optimization and automation. A major client with a large team of overloaded IT and data security specialists managed, with the use of CxSAST, to find the way to ease the tension. An Application Security group was established to process the Checkmarx scanning results. They build threat models for each application and detect most dangerous problems. Then tickets are generated in Jira providing the developers with detailed vulnerability remediation instructions, including the file number and name, line with the found error, etc. Now the developers are able to start solving the described problem without spending their time for reviewing the analytics.

Open Source Risk Monitoring

Nobody wants to reinvent the wheel, so many companies opt to use ready-made Open Source Code components. Such components are often provided free of charge but sometimes turn out to have specific license restrictions. More often than not enthusiasts develop them, however sometimes cyber criminals appear on stage! There is no surprise that Open Source is a source of various vector threats from cyber vulnerability to licensing and reputation risks. With the CxSAST based CxOSA module companies can find answers to a number of important questions relating to OpenSource solutions. For example, which vulnerabilities are hidden in a given version of the library, whether it should be upgraded to its new release, is it time and labor consuming, are there any license risks?

Increasing the Application Analysis Speed and Quality

Application security is much more than one type of software testing. Initially the DAST (Dynamic Application Security Testing) technology was used, then SAST (Static Application Security Testing), a more efficient solution, was found. However, these two solutions were not sufficient to address the challenges emerged due to the technological growth and high-speed demands. Migration to CxIAST (Interactive Application Security Testing) can satisfy customers’ needs in real time application testing. Checkmarx introduced this new product in early 2019 and it has quickly found users. Unlike legacy DAST-solutions CxIAST does not anyhow hinder the SDLC as it provides monitoring not scanning services.

Quick Application Security Training

Modern businesses often opt for speed neglecting security. Thus, in the developers community it is common to ignore security issues being sure that the release time to market and functionality development are the highest priority challenges. Checkmarx helps organizations solve the problem offering the CxCodebashing interactive secure development trainings. The solution provides statistics on all trainees and the administrator may trace their progress which facilitates remote communications with developers. Illustrative is the case when one major financial company in order to reduce the load on its application security department decided to employ only those developers who have completed the CxCodebashing training in their language before check in.

Demo Request

Consent to the processing of personal data
By pressing the «Send the Form» button you confirm your consent to the processing of your personal data according to Federal Law No 152-FZ «On Personal Data» of July 27, 2006. ITD Group and its affiliates warrant confidential treatment of the information you provide.
Privacy Policy
The personal data are processed in order to facilitate effective management of your requests and queries in compliance with the «Personal Data Confidentiality Policy».

Company

Vendors

Technical support

Become a partner

For vendors

Archiving

Secure processing

IT-infrastructure security

Secure Internet access

Video analytics

Data security

Protection against enhanced attacks

Fraud prevention

Network security

Application testing

International IT-Distribution Group (ITD Group) is a group of companies representing the interests of the developers of innovative solutions in the field of information security.

Address: 115114, Moscow, st. Derbenevskaya, d.15b
Phone: +7 (499) 502-13-75
E-mail: info@iitdgroup.ru
/iitdgroup/
/company/iitd-group

© 2020 Copyright by International IT-Distribution Group

Website creation