Checkmarx Named a Leader in Gartner Magic Quadrant for Application Security Testing

Checkmarx Static Application Security Testing

Make custom code security testing inseparable from development

Hero Image

Checkmarx SAST

Checkmarx SAST (CxSAST) is an enterprise-grade flexible and accurate static analysis solution used to identify hundreds of security vulnerabilities in custom code. It is used by development, DevOps, and security teams to scan source code early in the SDLC, identify vulnerabilities and provide actionable insights to remediate them. Supporting over 22 coding and scripting languages and their frameworks with zero configuration to scan any language.

Ease of Automation

Seamlessly integrates with all IDEs, build management servers, bug tracking tools and source repositories to automatically enforce a security policy.

Manage Security at Scale

Empower teams to set and use policies to govern application security, enforce them through build-tool integrations and manage remediation efforts through IT workflow support.

Accelerate Time to Remediation

Allow developers to fix multiple vulnerabilities at a single point in the code using our unique “Best Fix Location” algorithm.

Find Vulnerabilities Sooner

Checkmarx SAST scans uncompelled code and doesn’t require complete build. No dependency configurations and no learning curve when switching languages!

Application Security Training for Major Programming Languages and Frameworks

Supported Vulnerabilities

Access Control
Arithmetic Operation On Boolean
Blind SQL Injections
Buffer Overflow
CGI Reflected XSS
CGI Stored XSS
Client Side Only Validation
Code Injection
Command Injection
Connection String Injection
Cookie not Sent Over SSL
Cookies Scoping
Cross Site History Manipulation
Dangerous File Upload
Dangerous Functions
Data Filter Injection
DB Paramater Tampering
Dead Code
Deprecated And Obsolete
DoS by Sleep
DoS by Unreleased Resources
Double Free
Environment Injection
Environment Manipulation
Files Canonicalization Problems
Files Manipulation
Frame Spoofing
Hardcoded Absolute Path
Hardcoded Password
Impersonation Issue
LDAP Injection
Password in Connection String
Process Control
Reflected XSS
Resource Injection
SQL injection
Stored XSS
UTF7 XSS
XPath Injection

Additional Resources

Case Study

Swiss Private Bank Chooses CxSAST

Whitepaper

How to choose a SAST solution

Video

What makes Checkmarx a good fit for DevOps, according to Microsoft.

Ready to Learn More?

Request a Demo