CxAudit
Your source code investigator
Checkmarx CxAudit® is the most powerful Static Application Security Testing (SAST) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code. CxAudit provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, OS platforms, programming languages and frameworks. By seamlessly integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and costs.

The most efficient automated security code review solution
Checkmarx CxAudit is the most comprehensive source code security solution for application auditors. CxAudit offers hundreds of security queries designed to cover a wide range of vulnerability checks. The patented Checkmarx query language (CxQL) permits the discovery of vulnerabilities in the code with virtually zero false-positives.

The next generation of Static Application Security Testing tools
Checkmarx’s ultra-powerful query engine (CxEngine) gives security auditors, software developers and code reviewers the capability to investigate the code and discover both technical and business-logic vulnerabilities (misuse cases). Technology and real-world security knowledge are blended to provide the broadest range of vulnerability checks available in any tool on the market, and it’s easily extended to include your real-world knowledge too.

CxAudit is designed for accurate and effective results:
  • The widest range of vulnerability checks
  • Virtually zero false-positive results
  • Hundreds of out-of-the-box security queries
  • User-friendly dashboard and wizards
  • Seamless integration into the SDLC
  • Complete verification and tracking of each result
  • Graphical representation of discovered vulnerabilities
It’s all about accuracy
Visualization of vulnerabilities is the key for secure code. CxAudit presents the full path and tracking of vulnerabilities which have been identified in the code. A sophisticated patented engine locates and graphically presents a full attack path in the code for the auditor to review. This feature allows user-friendly, effortless identification of vulnerable lines of code for remediation. By presenting the full flow of the attacks, CxAudit delivers virtually zero false-positive verified results.

Industry vulnerability classification
OWASP Top 10 / SANS 20 / MITRE CWE

Comprehensive vulnerability severity categorization
High-risk / medium-threat / low-visibility / best-coding practice

Out-of-the-box vulnerability query samples
SQL Injection, Session fixation, Cross-site scripting, Session poisoning, Code injection, Unhandled exceptions, Buffer overflow, Unreleased resources, Parameter tampering, Unvalidated input, Cross-site request forgery, URL redirection attack, HTTP splitting, Dangerous file upload, Log forgery, Hardcoded password, DoS, and more…

Features & Benefits
Vulnerability coverage: Hundreds of out-of-the-box security checks suited for every organization
Extremely accurate: Virtually zero false-positives provide an effective solution to include in the SDLC
Attack flow visualization: Each vulnerability attack path is fully presented for easy investigation
Next generation query language: An intuitive query language is available for tailoring checks to customer needs
Business logic vulnerability review: A unique, unmatched capability of investigating architectural flaws
Coding practice enforcement: Customization of queries allows programming policy verification
Extensive audit capabilities: Large projects are scanned with high speed and accuracy
Full team support: Scan in any location and share results for investigation on every network PC
Easy install and setup: CxAudit environment is installed and fully functional in a matter of hours
Basic system requirements: CxAudit runs on any Windows OS, with .NET Framework 2.0 and 2 GB of RAM

Countless scalability features for effective integration into the SDLC
  • Virtually unlimited project size
  • Supports all major development languages from multiple OS platforms
  • Web services, websites and client-server based applications support
  • Enforces coding practices and regulatory requirements (PCI, HIPAA, SOX, and more...)
  • Hundreds of out-of-the-box security checks and compliance standards to choose from
Copyrights © 2008 Checkmarx Ltd.