Checkmarx’s SAST technology enables organizations to easily and cost-effectively comply with most of the major regulatory requirements and industry standards.
The risks involved with non-compliance and a potential security breach can be significant and include regulatory penalties, legal actions and irreparable brand-name damage.
The Payment Card Industry Data Security Standard (PCI DSS) includes a set of requirements to ensure that a secure environment is maintained by all companies that process, store or transmit credit card information.
The excerpt below from the PCI DSS requirements showcases the significance that PCI places on application security.
Any “public-facing web applications are reviewed for security vulnerabilities after any changes are made to the application and at minimum once a year”. Another important requirement is that any identified vulnerabilities are corrected and the code is re-evaluated to ensure that the security vulnerabilities were mitigated.
The HIPAA (Health Insurance Portability and Accountability Act) standard sets the ways in which electronic (online) financial and administrative transactions should be executed by companies that provide health plans, health care clearinghouses and other health care providers. Checkmarx’s solution includes a set of queries that scan your application’s source code and identify any sections that are non-compliant with HIPAA. The most effective location within the code to fix that non-compliance is shown, which minimizes the time and costs involved in achieving compliance.
MISRA C is a software development standard for the C programming language developed by MISRA (Motor Industry Software Reliability Association). Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C.
There is also a set of guidelines for MISRA C++.