http://www.checkmarx.com/Products.aspx?id=3

Checkmarx CxSuite® is the most powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.
CxSuite provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, OS platforms, programming languages and frameworks. By seamlessly integrating into the Software Development Life Cycle (SDLC), Checkmarx's automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and costs.
 

CxSuite is enterprise software for security source analysis, consisting of:

  • CxManager: An intuitive framework environment
  • CxDeveloper: The next generation of SCA solutions
  • CxViewer: Reviewing scan results for code remediation
  • CxAudit: Investigating the source code


CxManager
CxManager provides a framework for CxDeveloper, CxViewer and CxAudit, Checkmarx's leading SCA solutions. CxManager lets teams keep track of security threats found in the source code and assess their severity and importance to R&D projects.
CxManager collects security information based on CxDeveloper and CxAudit code review results. Textual and graphic reports provide in-depth analysis of the information collected, which allows accurate identification of vulnerabilities in the source code and of the remediation measures required to fix the code.



CxDeveloper

Checkmarx CxDeveloper is the most comprehensive and advanced Source Code Analysis solution to incorporate into the SDLC. The system offers hundreds of out-of-the-box security queries designed to cover a wide range of vulnerability checks, with virtually zero false-positive results. Step-by-step wizards guide developers from choosing the code to producing the most accurate and relevant results.



CxViewer

Checkmarx CxViewer is used for obtaining audit results and reviewing vulnerabilities and attack patterns. CxViewer enables flow analysis and vulnerability visualization of CxAudit and CxDeveloper scan results. The system allows developers to load scanned projects and investigate detailed results such as security vulnerabilities, business logic attacks, and coding practice compliance.



CxAudit

Checkmarx CxAudit was designed as the most comprehensive source code security solution for application auditors. CxAudit offers both hundreds of out-of-the-box security queries and customization capabilities, designed to cover the widest range of vulnerability checks. The patented Checkmarx query language (CxQL) permits the discovery of vulnerabilities in the code, with virtually zero false positives.



Industry vulnerability classification
OWASP Top 10 / SANS 20 / MITRE CWE


Comprehensive vulnerability severity categorization
High-risk / medium-threat / low-visibility / best-coding practice


Out of the box vulnerability query samples
SQL Injection, Session fixation, Cross-site scripting, Session poisoning, Code injection, Unhandled exceptions, Buffer overflow, Unreleased resources, Parameter tampering, Unvalidated input, Cross-site request forgery, URL redirection attack, HTTP splitting, Dangerous files upload, Log forgery, Hardcoded password, DoS, and more


Features & Benefits
Vulnerability coverage: Hundreds of out-of-the-box security checks suited for every organization
Extremely accurate: Virtually zero false positives provide an effective solution to include in the SDLC
Attack flow visualization: Each vulnerability attack path is fully presented for easy investigation
User friendly interface: Wizards guide developers step by step for ease of use and immediate results
Pre-configured sets of security checks: Choosing a set of queries for a project is easier than ever
Business logic vulnerability review: A unique unmatched capability of investigating architectural flaws
Coding practice enforcement: Customization of queries allows programming policy verification
Extensive audit capabilities: Large projects are scanned with high speed and accuracy
Full team support: Scan in any location and share results for investigation on every network PC
Easy install and setup: CxSuite environment is installed and fully functional in a matter of hours
Basic system requirements: CxSuite runs on any Windows OS, with .NET Framework 2.0 and 2 GB of RAM