Checkmarx Suite® is the most powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing security flaws from the root: the source code.

CxSuite provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, operating system (OS) platforms, programming languages and frameworks. By integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and costs.

The widest range of vulnerability checks•Virtually zero false-positive results•Hundreds of out-of-the-box security queries•Pinpoints business-logic flaws•Integration into the SDLC•Complete verification and tracking of each result•Graphical representation of discovered vulnerabilities•

Scan unbuilt code - without a compiler

The Virtual Compiler enables developers to test code anywhere, anytime, while avoiding problems of compiler and operating system compatibility. Developers can test uncompiled and unlinked code, their independent modules or any other application subsets in a true developer desktop deployment that reinforces good security awareness and practices as the code is written

Visualization of vulnerabilities is the key to quick remediation of insecure code. The CxSuite presents all the path details that describe the vulnerability’s full anatomy. A sophisticated patented engine locates and graphically presents a full attack path in the code for quick review. This feature allows user-friendly, effortless identification of vulnerable lines of code for remediation.

checkmarx patented

virtual compiler

the next generation of code auditingOnly with Checkmarx can auditors test code at the earliest stages of the SDLC. Further, auditors can easily conduct spot checks without worrying about duplicating development environments. This is especially important for complex legacy applications where auditors can quickly inspect code with no setup.

it’S all about

accuracy

CxSuite iS deSigned for accurate and effective reSultS:

manage the riskse n t e r p r i S e e d i t i o nCxSuite®

ITAS Corp • Telephone: +84-8-38931952 • Website: www.itas.vn • Email: info@itas.vn

extremely accurate

patened virtual compiler

attack flow visualization

next generation query language

vulnerability coverage

business logic vulnerability review

enforcement

user hierarchy support

results reporting & export

multitier architecture

Checkmarx is the leading provider for source code analysis. Founded in 2006, Checkmarx provides comprehensive solutions for automated security code review. Its technology is used by large corporations and small and medium-sized organizations across all industries. Checkmarx pioneered the concept of a query language-based solution for tracking technical and logical code vulnerabilities, and continues to bring new innovative solutions to market to fulfill its vision for a hacker free world.

SQL Injection•Cross-site scripting•Code injection•Buffer overflow•Parameter tampering•Cross-site request forgery•HTTP splitting•Log forgery•DoS•

Session fixation•Session poisoning•Unhandled exceptions•Unreleased resources•Unvalidated input•URL redirection attack•Dangerous files upload•Hardcoded password•And more…•

induStry vulnerability claSSification: OWASP top 10 /SANS 20 / mitre CWE

comprehenSive vulnerability Severity categorization:High-risk / medium-threat / low-visibility / best-coding practice

about checkmarx

Virtually zero false-positives provide an effective solution to include in the SDLC

Scan unbuilt code—without a compiler

Each vulnerability attack path is fully presented for easy investigation

An intuitive query language is available for tailoring checks to customer needs

Hundreds of out of the box security checks suited for every organization

Unmatched capability of investigating architectural flaws

Customization of queries allows programming policy verification

Extensive user and privilege management capabilities

Full dashboard report for Projects, Tasks. Export to numerous formats: xml, csv, etc. Integration with ticketing systems

Manager server, multiple scan engines and click-once thin clients

CapabilitieS

out of the box vulnerability query SampleS:

DeSCription anD aDvantageS

Virtually unlimited project size• Supports all major development languages •from multiple OS platforms. Web services, websites and client-server based •applications support Enforces coding practices and regulatory •requirements (PCI, HIPAA, SOX, and more...) Hundreds of out of the box security checks and •compliance standards

countleSS Scalability featureS for effective integration into the Sdlc:

investigate the Scans

coding practice

Phu Nhuan Dist, HCMC, VietnamWebsite:www.itas.vnPhone: 08-38931952

ITAS Corp • Telephone: +84-8-38931952 • Website: www.itas.vn • Email: info@itas..vn

Vietnam Partner: ITAS Corp 459A Nguyen Kiem St.,Ward 9,