Vulnerability Coverage

Out-of-the-box Support For All Major Standards

Supported Vulnerabilities and Standards
CxSAST identifies the vulnerabilities and weaknesses documented or enforced by OWASP Top 10, SANS 25, PCI DSS, HIPAA, MISRA, MITRE CWE, FISMA and BSIMM. With our open query language, you can create your own security policy consisting of the vulnerabilities most important to your organization.

Detection Throughout The Spectrum

Sample Of Covered Software Vulnerabilities (OWASP Top 10 & more)

  • CGI Reflected XSS
  • CGI Stored XSS
  • Code Injection
  • Command Injection
  • Connection String Injection
  • LDAP Injection
  • Process Control
  • Reflected XSS
  • Reflected XSS All Clients
  • Resource Injection
  • SOQL SOSL Injection
  • SQL Injection
  • Second Order SQL Injection
  • Stored XSS
  • UTF7 XSS
  • XPath Injection
  • Access Control
  • Buffer Overflow
  • CGI Reflected XSS All Clients
  • Cookies Scoping
  • Cross Site History Manipulation
  • DB Parameter Tampering
  • Dangerous Functions
  • Data Filter Injection
  • DoS by Sleep
  • Double Free
  • Environment Injection
  • Environment Manipulation
  • Files Manipulation
  • Frame Spoofing
  • Arithmetic Operation On Boolean
  • Blind SQL Injections
  • Client Side Only Validation
  • Cookie not Sent Over SSL
  • Dangerous File Upload
  • Dead Code
  • Deprecated And Obsolete
  • Deprecated CRT Functions VS2005
  • DoS by Unreleased Resources
  • Equals without GetHashCode
  • Escape False Warning
  • Files Canonicalization Problems
  • Hardcoded Absolute Path
  • Hardcoded Password
  • Password in Connection String
  • Impersonation Issue

Interested in trying CxSAST on your own code? You can now use Checkmarx's solution to scan uncompiled / unbuilt source code in 18 coding and scripting languages and identify the vulnerable lines of code. CxSAST will even find the best-fix locations for you and suggest the best remediation techniques. Sign up for your FREE trial now.

Checkmarx is now offering you the opportunity to see how CxSAST identifies application-layer vulnerabilities in real time. Our in-house security experts will run the scan and demonstrate how the solution's queries can be tuned to your specific needs and requirements. Fill in your details and we'll schedule a FREE live demo with you.