
Compliance & Risk Management

Checkmarx’s SAST technology enables organizations to easily and cost-effectively comply with most of the major regulatory requirements and industry standards. The risks involved with non-compliance and a potential security breach can be significant and include regulatory penalties, legal actions, and irreparable brand name damage.

PCI DSS

The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements that help create a secure environment for every company that processes, stores or transmits credit card information. The PCI DSS was created jointly in 2004 by four major credit card companies: Visa, MasterCard, Discover and American Express. It is now considered the cornerstone of application security in the financial sector.

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) standard defines how electronic (online) financial and administrative transactions should be executed by companies providing health plans and other healthcare provisions. Checkmarx’s solution includes a set of queries that scan your application’s source code and identify the sections that are non-compliant with HIPAA.

SANS 25

The SANS Institute, a cooperative research and education organization, offers resources that have been used by over 165,000 InfoSec professionals worldwide. CxSAST fully complies with the SANS 25 application security standard, which covers the 25 most dangerous software security errors that exist today, including insecure interaction between components and risky resource management.

OWASP Top 10

This commonly acknowledged security standard is published by The Open Web Application Security Project (OWASP), the world’s largest application security non-profit organization. More and more companies from various industry sectors are embracing this list, which consistently encompasses today's most critical web application security flaws. OWASP Top 10 2013 and OWASP Mobile Top 10 2014 are created and updated by AppSec experts from around the world.

MISRA C

MISRA C is a dedicated software development standard for the C programming language, developed by the Motor Industry Software Reliability Association (MISRA). Its aims are to facilitate code safety, portability and reliability in the context of embedded systems, specifically those programmed in ISO C. There is also a set of guidelines for MISRA C++, which the Checkmarx solution is likewise fully capable of testing.

CWE

Common Weakness Enumeration (CWE) is a software community project run by MITRE Corporation, a non-profit body that deals exclusively with application security. The project aims to help professionals understand the anatomy of vulnerabilities and software flaws. Applications today are required to be "CWE-Compatible" or "CWE-Effective", a requirement that can be addressed with CxSAST.

BSIMM

The Build Security In Maturity Model (BSIMM) is a software security measurement framework that helps organizations gauge their software security and build a maturity model based on actual data gathered from real-world software security initiatives. CxSAST addresses the code review aspect of this security framework.