We Scan Your Source Code

Identify software security vulnerabilities & fix them

  • Easy to use
  • Scans uncompiled code
  • Highly accurate
  • On-Premise & On-Demand

Start A FREE Trial

Testimonials

The US Army is a longtime customer of Checkmarx’s next generation Source Code Analysis (SCA).

US Army

Checkmarx plays a fundamental role in hardening our web application. Exploits are becoming more sophisticated and Checkmarx is our first line of defense.

Daniel Bondurant -
CTO Wiredrive.com

“Checkmarx’s technology is highly accurate and easy to use. It offers great performance and the ability to scan incomplete code samples. It was agile enough to support specific requests we had for our secure SDLC and was the most sensible decision commercially”

Yair Rovek -
Security Specialist - LivePerson

salesforce.com selected Checkmarx’s next generation static code analysis tool as the official Force.com Security Source Code Scanner. With hundreds of millions of LoC scanned to date, Checkmarx ensures all AppExchange applications are secured to the highest standards.

salesforce.com

“Using Checkmarx is easier than other tools. Important – you do not need to integrate it into your build process, just throw source code at it.”

Vitaly Osipov -
Information Security Expert - Atlassian

Checkmarx Blog

April 23, 2015

SAST vs DAST – Why SAST?

Application security used to be an afterthought until a few years ago, but the exponential rise in cybercrime and malicious activity has made organizations pay more attention to this crucial aspect. This realization has also brought up a widespread discussion about the pros and cons of the various AppSec solutions…

April 16, 2015

15 Vulnerable Sites To (Legally) Practice Your Hacking Skills

They say the best defense is a good offense – and it’s no different in the InfoSec world. Use these 15 deliberately vulnerable sites to practice your hacking skills so you can be the best defender you can – whether you’re a developer, security manager, auditor or pen-tester. Always remember:…

April 14, 2015

XSS: The Definitive Guide to Cross-Site Scripting Prevention

As old as web browsers themselves, cross-site scripting (XSS) has been an ongoing issue in the security world. Its consistent appearance on the OWASP Top 10 and in news reports of cross-site scripting attacks has kept the security issue in the spotlight over the years. Yet after two decades the security…

April 7, 2015

All You Wanted To Know About Continuous Integration Security

Continuous Integration (CI) is an application development practice that’s becoming more and more popular in large software development organizations. While it boosts productivity and code integrity, it introduces new technical challenges in the security process, magnifying the importance of selecting the right solution for the task. Despite CI’s introduction…

March 26, 2015

CISO Insights: How the CISO of San Diego Secures His City

This article is the first in a series of interviews with CISOs in various industries. Our goal is to share our conversations with different Chief Information Security Officers about how they deal with daily tasks as well as the bigger picture of innovating security practices around business operations. Gary Hayslip…