Checkmarx - Products

Comprehensive Security

Checkmarx CxSuite® is the most powerful Static Application Security Testing (SAST) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.
CxSuite provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, OS platforms, programming languages and frameworks. By seamlessly integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and costs.

CxSuite is a security source analysis enterprise software:

CxManager – An intuitive framework environment
CxDeveloper – The next generation of SAST solutions
CxViewer – Reviewing scan results for code remediation
CxAudit – Investigating the source code

CxManager
CxManager provides a framework for CxDeveloper, CxViewer and CxAudit, Checkmarx’s leading SAST solutions. CxManager allows keeping track of security threats found in the source code and assess their severity and importance to R&D projects.
CxManager collects security information based on CxDeveloper and CxAudit code review results. Textual and graphic reports provide in-depth analysis of the information collected, which allow accurate identification of vulnerabilities in the source code and necessary remediation measures that are required for fixing the code.

CxDeveloper
Checkmarx CxDeveloper is the most comprehensive and advanced Static Application Security Testing solution to incorporate into the SDLC. The system offers hundreds of out of the box security queries designed to cover a wide range of vulnerability checks, with virtually zero false-positive results. Step by step wizards guide developers, from choosing the code, to producing the most accurate and relevant results.

CxViewer
Checkmarx CxViewer is used for obtaining audit results and reviewing vulnerabilities and attacks patterns. CxViewer enables flow analysis and vulnerability visualization viewing of CxAudit and CxDeveloper scan results. The system allows developers to load scanned projects and investigate detailed results such as security vulnerabilities, business logic attacks, and coding practice compliance.

CxAudit
Checkmarx CxAudit was designed as the most comprehensive source code security solution for application auditors. CxAudit offers both hundreds of out of the box security queries and customization capabilities, designed to cover the widest range of vulnerability checks. The patented Checkmarx query language (CxQL) permits the discovery of vulnerabilities in the code, with virtually zero false-positives.

Industry vulnerability classification:
OWASP top 10 /SANS 20 / mitre CWE

Comprehensive vulnerability severity categorization:
High-risk / medium-threat / low-visibility / best-coding practice

Out of the box vulnerability query samples
SQL Injection, Session fixation, Cross-site scripting, Session poisoning, Code injection, Unhandled exceptions, Buffer overflow, Unreleased resources, Parameter tampering, Unvalidated input, Cross-site request forgery, URL redirection attack, HTTP splitting, Dangerous files upload, Log forgery, Hardcoded password, DoS, And more…

Features & Benefits
Vulnerability coverage: Hundreds of out of the box security checks suited for every organization
Extremely accurate: Virtually zero false-positives provide an effective solution to include in the SDLC
Attack flow visualization: Each vulnerability attack path is fully presented for easy investigation
User friendly interface: Wizards guide developers step by step for ease of use and immediate results
Pre-configured sets of security checks: Choosing a set of queries for a specific project is easier than ever
Business logic vulnerability review: A unique unmatched capability of investigating architectural flaws
Coding practice enforcement: Customization of queries allows programming policy verification
Extensive audit capabilities: Large projects are scanned with high speed and accuracy
Full team support: Scan in any location and share results for investigation on every network PC
Easy install and setup: CxSuite environment is installed and fully functional in a matter of hours
Basic system requirements: CxSuite runs on any Windows OS, with .NET Framework 2.0 and 2GB memory RAM