Checkmarx CxSuite® is a powerful Source Code Analysis (SCA) solution designed for identifying, tracking and fixing technical and logical security flaws from the root: the source code.
CxSuite provides a high degree of flexibility and configurability by supporting a wide range of vulnerability categories, OS platforms, programming languages and frameworks. By seamlessly integrating into the Software Development Life Cycle (SDLC), Checkmarx’s automatic code review suite allows organizations to address the challenge of securing the code while cutting down on time and cost.
CxSuite was described as Visionary technology in Gartner’s latest SAST (Static Application Security Testing) magic quadrant.
Only with Checkmarx can auditors test code at the earliest stages of the SDLC. Further, auditors can easily conduct spot checks without worrying about duplicating development environments.
This is especially important for inspecting complex legacy applications where auditors can quickly inspect code with no setup.
Discovering real vulnerabilities with little overhead
CxSuite allows scanning large projects in unparallel speed and accuracy. While requiring little overhead from its operators, CxSuite delivers precise results and recommended methods for remediation of vulnerable code lines. CxSuite allows developers to address the application security issues both efficiently and effortlessly.
Achieve code perfection
CxSuite is used by developers, team leaders and management for obtaining audit results and reviewing vulnerabilities and attacks patterns within the lines of code. It enables high-level viewing of scan results, including flow analysis, vulnerability representation within the code, and filtering and sorting vulnerable lines of code. Using a user-friendly graphic interface CxSuite allows developers to load specific reviewed projects and investigate the detailed results of security vulnerabilities, business logic attacks, and best practices compliance.
Once a code is reviewed by either an external or internal auditor or by a team leader, the results of the security code review are archived by project name and review date. It is then the task of the developers to go back and make the required changes according to the review findings. CxSuite turns the difficult task of reviewing audit results, understanding security vulnerabilities and making the desired correction a simple process. CxSuite presents the entire code, including highlighted vulnerable code lines and attack flows, so that developers can familiarize themselves effortlessly with the project and make the right corrections efficiently and rapidly.
Developers browse the user-friendly CxSuite interface and step-by-step go over reviewed code in order to locate and make the desired corrections. In a virtually ZERO false-positives audit result, developers find the vulnerabilities directly in the code with step-by-step flow representation. This allows them to identify the vulnerability at the source and follow its root throughout the entire code. The attack flow enables not only the rapid correction of the flaws, but training and education for the developers, for future programming
CxSuite is used by management to review project security audits of different development teams. With a succession of just a few clicks, they can easily select a project and the review the audit results. CxSuite allows both browsing the results using the Cx interface, or producing a comprehensive report for reviewing, publishing or printing.