Compliance & Risk Management

Checkmarx’s SAST technology enables organizations to easily and cost-effectively comply with most of the major regulatory requirements and industry standards. The risks involved with non-compliance and a potential security breach can be significant and include regulatory penalties, legal actions, and irreparable brand name damage.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) consists of a set of requirements that help create a secure environment for all companies that process, store or transmit credit card information. The PCI DSS was created jointly in 2004 by four major credit-card companies: Visa, MasterCard, Discover and American Express. It's now considered the cornerstone of financial sector application security.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) standard defines how electronic (online) financial and administrative transactions should be executed by companies providing health plans and other healthcare provisions. Checkmarx’s solution includes a set of queries that scan your application’s source code and identify sections that are non-compliant with HIPAA.

SANS 25

The SANS Institute, a cooperative research and education organization, offers resources that have been used by over 165,000 InfoSec professionals worldwide. CxSAST fully complies with the SANS 25 application security standard, which lists the 25 most dangerous software security errors that exist today, including insecure interaction between components and risky resource management.

OWASP Top 10

This widely acknowledged security standard is published by The Open Web Application Security Project (OWASP), the world’s largest application security non-profit organization. More and more companies from various industrial sectors are embracing this list, which consistently encompasses today's most critical web application security flaws. OWASP Top 10 2013 and OWASP Mobile Top 10 2014 are created and updated by AppSec experts from around the world.

MISRA

MISRA C is a dedicated software development standard for the C programming language developed by the Motor Industry Software Reliability Association (MISRA). Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those systems programmed in ISO C. There is also a set of guidelines for MISRA C++, which the Checkmarx solution is also fully capable of testing.

MITRE CWE

Common Weakness Enumeration (CWE) is a software community project run by MITRE Corporation, a non-profit body that deals exclusively with application security. The project aims to help professionals understand the anatomy of vulnerabilities and software flaws. Applications today are required to be "CWE-Compatible" or "CWE-Effective", something that can be addressed with CxSAST.

BSIMM

Build Security In Maturity Model (BSIMM) is a software security measurement framework that helps organizations gauge their software security and build a maturity model based on actual data gathered from real-world software security initiatives. CxSAST deals with the code review aspect of this security framework.

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled or unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real-time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tweaked as per your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.