- Static Code Analysis
A 7Safe study of 64 real incidents found that 86% of the attacks targeted applications rather than networks, while only 11% of security spending goes towards application hardening.
Applications are only marginally protected by application firewalls, and dynamic testing, which simulates attacks against the running application, can neither find every problem nor show where in the code to fix it.
It comes as no surprise, then, that Gartner’s 2011 Magic Quadrant for Static Application Security Testing (SAST) states that “SAST should be considered a mandatory requirement for all IT organizations that develop or procure applications”.
Why Static Code Analysis?
Static code analysis (SCA) delivers security by building it into the software development lifecycle (SDLC). Because it works on the source rather than on a running instance, it is the only proven method that covers the entire code base and finds every occurrence of a known vulnerable pattern. The code base is abstracted into a model that exposes all of its code properties and code flows; Checkmarx goes beyond other static code analysis tools by storing these properties in an open, queryable database.
Attacks have identifiable patterns and fingerprints. A secure SDLC integrates static code analysis to match those suspicious patterns against the code properties, so auditors and developers are pointed directly at the offending code and can fix it early.
Checkmarx built an open static code analysis platform that overcomes many shortcomings of other tools: a user-friendly, productive, flexible and accurate risk-intelligence platform.
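The two paragraphs above describe the technique in the abstract: abstract the code into a model, track how data flows through it, and match dangerous patterns against that model. The following toy analyzer is an added illustration of that idea written for this page; it is not Checkmarx code and does not reflect the product's rule set. It uses Python's own `ast` module as the abstraction, propagates attacker-controlled ("tainted") values through assignments, and flags calls to dangerous sinks that receive tainted arguments. The catalogue of sources, sinks and sanitizers, the `lookup` sample function, and the analysis being intra-procedural only are all assumptions chosen for the demo.

```python
"""Toy pattern-matching static analyzer (added example, not product code):
abstract the code into an AST, track which values are attacker-controlled,
and flag dangerous calls fed by them. The source/sink/sanitizer catalogue is
an assumption for the demo; analysis is intra-procedural only."""
import ast

# Hypothetical pattern catalogue, keyed by dotted call name.
TAINT_SOURCES = {"input", "request.args.get", "request.form.get"}
TAINT_SINKS = {"cursor.execute", "os.system", "subprocess.call", "eval"}
SANITIZERS = {"int", "shlex.quote"}


def dotted_name(node):
    """'a.b.c' for a Name/Attribute chain, None for anything else."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def is_tainted(expr, tainted):
    """True if `expr` may carry data from a source, given the tainted variable names."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = dotted_name(expr.func)
        if name in TAINT_SOURCES:
            return True
        if name in SANITIZERS:
            return False  # a sanitizer's output is treated as clean
        receiver = expr.func.value if isinstance(expr.func, ast.Attribute) else None
        return any(is_tainted(a, tainted) for a in expr.args) or (
            receiver is not None and is_tainted(receiver, tainted))  # e.g. user.strip()
    if isinstance(expr, ast.BinOp):  # "..." + user, "..." % user
        return is_tainted(expr.left, tainted) or is_tainted(expr.right, tainted)
    if isinstance(expr, ast.JoinedStr):  # f"...{user}"
        return any(is_tainted(v.value, tainted)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    if isinstance(expr, (ast.Tuple, ast.List)):
        return any(is_tainted(e, tainted) for e in expr.elts)
    return False


def statements(body):
    """Yield statements in source order, descending into nested blocks."""
    for stmt in body:
        yield stmt
        for field in ("body", "orelse", "finalbody"):
            inner = getattr(stmt, field, None)
            if isinstance(inner, list):
                yield from statements(inner)


def expressions(stmt):
    """Yield the expression nodes a statement owns directly (not nested statements)."""
    for _, value in ast.iter_fields(stmt):
        items = value if isinstance(value, list) else [value]
        for item in items:
            if isinstance(item, ast.expr):
                yield from ast.walk(item)


def analyze(source):
    """Return findings as query-able records: one per sink call fed by tainted data."""
    findings = []
    tree = ast.parse(source)
    for func in (n for n in ast.walk(tree) if isinstance(n, ast.FunctionDef)):
        tainted = set()
        for stmt in statements(func.body):
            # 1. Match sink patterns against the current taint state.
            for call in (n for n in expressions(stmt) if isinstance(n, ast.Call)):
                name = dotted_name(call.func)
                if name in TAINT_SINKS and any(is_tainted(a, tainted) for a in call.args):
                    findings.append({"function": func.name, "sink": name, "line": call.lineno})
            # 2. Propagate taint through simple assignments; a clean reassignment kills it.
            if isinstance(stmt, ast.Assign):
                names = {t.id for t in stmt.targets if isinstance(t, ast.Name)}
                if is_tainted(stmt.value, tainted):
                    tainted |= names
                else:
                    tainted -= names
    return findings


# Constructed sample under analysis (not real application code).
SAMPLE = '''
import os
def lookup(request, cursor):
    user = request.args.get("user")                              # source
    cursor.execute("SELECT * FROM t WHERE name = '%s'" % user)   # SQL injection
    uid = int(request.args.get("id"))                            # sanitized
    cursor.execute("SELECT * FROM t WHERE id = %s", (uid,))      # parameterised: clean
    cmd = "ping " + user
    os.system(cmd)                                               # command injection
    user = "static"
    os.system("echo " + user)                                    # clean after reassignment
'''

if __name__ == "__main__":
    results = analyze(SAMPLE)
    for finding in results:
        print(finding)
    # Findings are plain records, so they can be queried like a database:
    print([f["line"] for f in results if f["sink"] == "os.system"])
```

Running it reports two findings in `lookup`: the string-formatted `cursor.execute` on line 5 and the `os.system(cmd)` on line 9, while the parameterised query, the `int()`-sanitized value and the reassigned `user` are correctly left alone. A real engine adds inter-procedural flows, aliasing, and framework-aware source/sink models; what stays the same is the shape shown here, namely a code model, a set of vulnerable patterns, and queries that join the two.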
What do the experts say?
- “SAST for security vulnerabilities should be a mandatory requirement for all IT organizations that develop or procure applications. Ideally, application vulnerability detection would be conducted continuously during the entire software life cycle (SLC).” (Gartner)
- “92% of exploitable vulnerabilities are in software” (National Institute of Standards and Technology – nist.gov)
- “Application Vulnerabilities exceed OS Vulnerabilities” (SANS – sans.org)
- “Application Security is no longer a choice” (OWASP)
- “90% of sites are vulnerable to application attacks” (Watchfire)
- “78% of easily exploitable vulnerabilities affect Web applications” (Symantec)