A brief introduction to Visual Studio
Visual Studio has evolved over the years and now has a built-in code analyzer. The IDE includes a code analysis tool window, which helps the user view, sort and fix detected issues. This internal code analyzer scans the project and checks whether the code complies with the latest Microsoft .NET Framework Design Guidelines.
Added functionality in Visual Studio 2013 (and above) involves:
Checkmarx’s Visual Studio static code analysis plugin
Checkmarx’s Visual Studio code analysis plugin is fully integrated into the IDE, creating a user-friendly and easy-to-access interface. Visual Studio 2005 and above are fully supported. The CxViewer’s four panes make it extremely easy to view and analyze the findings. This effective breakdown optimizes the vulnerability mitigation process.
These panes, which provide various levels and types of information, include:
The CxViewer Tree post-scan summary
The CxViewer Panes Overview
Since the Checkmarx solution is basically a plugin, changes to the code can be made while reviewing the vulnerabilities, with no need to switch between applications. The plugin displays the paths in their entirety with all their intersections, pointing exactly at the optimal mitigation points. This enables the fixes to be extremely efficient.
Other benefits of using Checkmarx’s Visual Studio static code analysis
1) Optimized mitigation process: Once Checkmarx’s Visual Studio code analysis has produced an overview of the vulnerabilities found, the user can start working on the recommended mitigation points, a feature unique to the Checkmarx solution.
The Checkmarx plugin shows the weakest point in the code.
2) Seamless integration: This plugin is unique in that it is embedded in Visual Studio and requires no additional steps from the user’s side. The Visual Studio project’s code is directly uploaded to CxSuite, Checkmarx’s primary source code analysis solution.
3) Easy setup and installation: Installation is a breeze. All the developer needs to do is to download the file from the Checkmarx website and install it on his system. Only a quick setup configuration process needs to be performed before using the plugin.
Installing the Checkmarx Visual Studio plugin is blazing fast.
4) Fully customizable security solution: Checkmarx’s Visual Studio code analysis solution can easily be customized. The aforementioned analysis display panes can be re-arranged or hidden as per the user’s needs and preferences.
5) Detection of application-layer vulnerabilities: SQL Injections (SQLi), Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF) and other vulnerabilities found in the OWASP Top-10 are detected with the help of Checkmarx’s security solution.
6) Fast scanning speeds and high accuracy: The Checkmarx Visual Studio static code analysis is suitable for both small and large projects. It is capable of scanning large numbers of K-LoCs at a time, while maintaining low levels of false-positives (FP).
Checkmarx brings similar integration and functionality with its Eclipse and IntelliJ plugins. Source code analysis (SCA) built into IDEs is a potent security solution all developers must have at their disposal. This results in more robust applications with less erroneous code, eventually keeping malicious attackers at bay.
You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques.