Out-of-the-box Support For All Major Standards
Software security weaknesses are well documented and categorized by bodies such as OWASP, which maintains the OWASP Top 10, and SANS, which co-publishes the CWE/SANS Top 25 Most Dangerous Software Errors.
Checkmarx's SAST solution covers the OWASP Top 10 and the SANS list out of the box, but those lists are a floor, not a ceiling: meaningful vulnerability coverage has to go beyond them. The Checkmarx platform is therefore built so that coverage can be extended to new vulnerability classes rather than fixed to a shipped list.
This is achieved through the Open Architecture: every scanned program is converted into an abstract representation of its code and stored in a persistent, queryable database. Vulnerabilities are then detected by running queries, written in an open query language, against that representation.
The out-of-the-box queries cover the vulnerability classes listed in the OWASP Top 10, the SANS list and other standards.
An auditor can also adjust the shipped queries or write new ones, extending detection to vulnerability patterns the standard queries do not describe and tuning results for the codebase under review.
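The following is an added illustration of the idea described above (parse code into an abstract representation, store it, then run vulnerability "queries" over it); it is example code written for this page, not Checkmarx's engine or its query language. It uses Python's standard `ast` module as the code abstraction, a plain dict as the stand-in for the persistent database, and a single reusable taint query parameterized by source and sink names. The sample program, the source name `request.args.get`, and the sink sets are constructed for the example; an auditor extending coverage would add or adjust such sets, which is what the command-injection query at the end demonstrates.

```python
"""Toy query-based scanner: parse source into an AST, keep each function's
statements in a dict (our stand-in for the persistent code database), then run
taint 'queries' over it.  Illustration only; not Checkmarx's engine or CxQL."""
from __future__ import annotations

import ast
from dataclasses import dataclass

# Constructed sample: three SQL callers (two vulnerable, one parameterized)
# and one shell caller.  Line numbers reported below are relative to this string.
SAMPLE = '''
def lookup(request, cursor):
    user = request.args.get("user")
    query = "SELECT * FROM users WHERE name = '" + user + "'"
    cursor.execute(query)

def lookup_safe(request, cursor):
    user = request.args.get("user")
    cursor.execute("SELECT * FROM users WHERE name = %s", (user,))

def lookup_fmt(request, cursor):
    uid = request.args.get("id")
    cursor.execute("SELECT * FROM users WHERE id = %s" % uid)

def ping(request):
    host = request.args.get("host")
    os.system("ping -c 1 " + host)
'''

# Hypothetical source/sink names chosen for the sample.  Adjusting these sets,
# or adding new ones, is how an auditor would write further queries.
SOURCES = {"request.args.get"}
SQL_SINKS = {"cursor.execute"}
COMMAND_SINKS = {"os.system", "subprocess.call"}


@dataclass
class Finding:
    function: str
    line: int
    sink: str


def build_db(source: str) -> dict[str, list[ast.stmt]]:
    """Map each function name to its statement list: the stored code abstraction."""
    tree = ast.parse(source)
    return {n.name: n.body for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)}


def callee_name(call: ast.Call) -> str:
    """Dotted name of the callee, e.g. 'request.args.get' or 'os.system'."""
    parts = []
    node = call.func
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
    return ".".join(reversed(parts))


def is_tainted(expr: ast.AST, tainted: set[str], sources: set[str]) -> bool:
    """True if the expression reads a tainted variable or calls a source directly."""
    for node in ast.walk(expr):
        if isinstance(node, ast.Name) and node.id in tainted:
            return True
        if isinstance(node, ast.Call) and callee_name(node) in sources:
            return True
    return False


def find_tainted_sinks(db, sources, sinks) -> list[Finding]:
    """Query: report sink calls whose first argument derives from a source.
    Taint flows through simple assignments (x = f(tainted)) within one function.
    Only the first argument is checked, so a parameterized query whose bound
    values are tainted but whose SQL text is a constant is not reported."""
    findings = []
    for func, body in db.items():
        tainted: set[str] = set()
        for stmt in body:
            if isinstance(stmt, ast.Assign) and is_tainted(stmt.value, tainted, sources):
                tainted.update(t.id for t in stmt.targets if isinstance(t, ast.Name))
            for node in ast.walk(stmt):
                if (isinstance(node, ast.Call) and callee_name(node) in sinks
                        and node.args and is_tainted(node.args[0], tainted, sources)):
                    findings.append(Finding(func, node.lineno, callee_name(node)))
    return findings


if __name__ == "__main__":
    db = build_db(SAMPLE)
    for f in find_tainted_sinks(db, SOURCES, SQL_SINKS):
        print(f"SQL injection: {f.function}() line {f.line} via {f.sink}")
    for f in find_tainted_sinks(db, SOURCES, COMMAND_SINKS):
        print(f"Command injection: {f.function}() line {f.line} via {f.sink}")
```

Running it flags `lookup` and `lookup_fmt` (string concatenation and `%` formatting into the SQL text) but not `lookup_safe`, whose SQL text is a constant and whose tainted value travels only as a bound parameter. Reusing the same query with a different sink set flags `os.system` in `ping` as command injection, which is the point of separating the stored representation from the queries run over it: new coverage is a new query, not a new parser.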
Sample Of Covered Software Vulnerabilities (OWASP Top 10 & more)
| High Risk | Medium Threat | Low Visibility |
|---|---|---|
| OWASP Top 10 ++ | | |
| CGI Reflected XSS | Access Control | Arithmetic Operation On Boolean |
| CGI Stored XSS | Buffer Overflow | Blind SQL Injections |
| Code Injection | CGI Reflected XSS All Clients | Client Side Only Validation |
| Command Injection | CGI Stored XSS | Cookie not Sent Over SSL |
| Connection String Injection | CGI XSS | Dangerous File Upload |
| LDAP Injection | Cookies Scoping | Dead Code |
| Process Control | Cross Site History Manipulation | Deprecated And Obsolete |
| Reflected XSS | DB Parameter Tampering | Deprecated CRT Functions VS2005 |
| Reflected XSS All Clients | Dangerous Functions | DoS by Unreleased Resources |
| Resource Injection | Data Filter Injection | Equals without GetHashCode |
| SOQL SOSL Injection | DoS by Sleep | Escape False Warning |
| SQL Injection | Double Free | Files Canonicalization Problems |
| Second Order SQL Injection | Environment Injection | Hardcoded Absolute Path |
| Stored XSS | Environment Manipulation | Hardcoded Password |
| UTF7 XSS | Files Manipulation | Hardcoded Password in Connection String |
| XPath Injection | Frame Spoofing | Impersonation Issue |