Checkmarx - Products

Security experts in a box

Checkmarx CxDeveloper® is the most powerful Static Application Security Testing (SAST) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code. CxDeveloper provides software development teams with a rich vulnerability analysis environment allowing them to catch security defects early in the development cycle. The system integrates seamlessly into the Software Development Life Cycle (SDLC), allowing organizations to address the challenge of securing the code while cutting down on time and costs.

Offering a new generation of SAST solutions
Checkmarx CxDeveloper is the most comprehensive and advanced source code security solution to incorporate into the SDLC. CxDeveloper offers hundreds of security queries designed to cover a wide range of vulnerability checks, with virtually zero false-positives. Step by step wizards guide the developers from choosing the code to producing the most accurate and relevant results.

Discovering real vulnerabilities with little overhead
CxDeveloper offers scanning large projects in unparallel speed and accuracy. While requiring little overhead from its operators, CxDeveloper delivers precise results and recommended methods for remediation of vulnerable code lines. CxDeveloper allows developers to address the application security issues both efficiently and effortlessly.

CxDeveloper is designed for accurate and effective results:

The widest range of vulnerability checks
Virtually zero false-positive results
Hundreds of out of the box security queries
User-friendly dashboard and wizards
Seamless integration into the SDLC
Complete verification and tracking of each result
Graphical representation of discovered vulnerabilities

It’s all about accuracy
Visualization of vulnerabilities is the key for secure code. CxDeveloper presents the full path and tracking of vulnerabilities which have been identified in the code. A sophisticated patented engine locates and graphically presents a full attack path in the code for the auditor to review. This feature allows user-friendly, effortless identification of vulnerable lines of code for remediation. By presenting the full flow of the attacks, CxDeveloper delivers virtually zero false-positive verified results.

Industry vulnerability classification:
OWASP top 10 /SANS 20 / mitre CWE

Comprehensive vulnerability severity categorization:
High-risk / medium-threat / low-visibility / best-coding practice

Out of the box vulnerability query samples
SQL Injection, Session fixation, Cross-site scripting, Session poisoning, Code injection, Unhandled exceptions, Buffer overflow, Unreleased resources, Parameter tampering, Unvalidated input, Cross-site request forgery, URL redirection attack, HTTP splitting, Dangerous files upload, Log forgery, Hardcoded password, DoS, And more…

Features & Benefits
Vulnerability coverage: Hundreds of out of the box security checks suited for every organization
Extremely accurate: Virtually zero false-positives provide an effective solution to include in the SDLC
Attack flow visualization: Each vulnerability attack path is fully presented for easy investigation
User friendly interface: Wizards guide developers step by step for ease of use and immediate results
Pre-configured sets of security checks: Choosing a set of queries for a specific project is easier than ever
Coding practice enforcement: Customization of queries allows programming policy verification
Extensive audit capabilities: Large projects are scanned with high speed and accuracy
Full team support: Scan in any location and share results for investigation on every network PC
Easy install and setup: CxDeveloper environment is installed and fully functional in a matter of hours
Basic system requirements: CxDeveloper runs on any Windows OS, with .NET Framework 2.0 and 2GB memory RAM

Countless scalability features for effective integration into the SDLC:

Virtually unlimited project size
Supports all major development languages from multiple OS platforms
Web services, websites and client-server based applications support
Enforces coding practices and regulatory requirements (PCI, HIPPA, SOX, and more...)
Hundreds of out of the box security checks and compliance standards to choose from