
Find, prioritize and manage software vulnerabilities, fast and affordably

KEY BENEFITS

Enhanced Vulnerability Coverage
- Discovery of more weaknesses than any single analysis tool
- Higher confidence in detecting weaknesses with multiple tools

Efficient and Prioritized Remediation
- Rapid triage of false positives
- Improved assessment of severity and criticality
- Source code linked to vulnerabilities
- De-duplication of results

Enhanced Collaboration
- Security and development teams now have a shared tool to communicate findings and discuss remediation

SDLC Tool Support
- Support for integrated development environments (IDEs), continuous integration environments, version control systems, and issue tracking systems

Visualization and Interaction
- More understandable data format
- Focus on the most important weaknesses, determined by the user

Easy to Get Started
- Fast and easy installation: up and running in 10 minutes
- Automatically runs bundled open source SAST tools
- Supports multiple DAST tools
- Affordably priced for small-to-medium sized businesses

Who uses Code Dx?
- Software Developers
- Security Analysts
- Software Testers
- Quality Assurance Analysts
- Compliance Auditors
- Accreditors
- CISOs

Uses
- Secure software development
- Security & Quality Assurance reviews
- Verification & Accreditation support
- Compliance reviews
- Code audits
- Pre-procurement software evaluations

Code Dx is a software vulnerability management system that brings together a variety of code analysis tools that enable you to locate and fix vulnerabilities in the code you write, in the languages you use, and at a low cost.

THE PROBLEM

Over 90% of computer security incidents are due to weaknesses in software. These weaknesses can expose vulnerabilities that put your business at risk for attacks such as SQL injection and cross-site scripting, leading to data loss, corruption, or even a host takeover. Static and dynamic code analysis tools can help you find these weaknesses. However, commercial tools are typically costly, and while open source tools are “free,” they still require considerable human resources to configure and run. Regardless of whether you are running a commercial or open source code analysis tool, no single tool provides sufficient code coverage. You have to run multiple tools, and tediously correlate the results.

THE SOLUTION

Code Dx runs a suite of preconfigured, fully integrated, multi-language, open source static code analysis tools against your code base. It can also incorporate the results of commercial static and dynamic tools, and manual analysis, and automatically correlates all the weaknesses into a single consolidated set, viewable from a single user interface, with customizable reports presented in an easy to understand visual display.

FACT SHEET


FEATURE COMPARISON (✓ = supported in that edition)

Feature                                              SE    EE
Operating system support
  Windows (7, 8, 10 & Server 2012 R2+)               ✓     ✓
  Mac OS X 10.8+                                     ✓     ✓
  Linux (Ubuntu, Fedora, Debian, RHEL, and CentOS)   ✓     ✓
Language support
  C/C++                                              ✓     ✓
  Java                                               ✓     ✓
  JavaScript                                         ✓     ✓
  JSP                                                ✓     ✓
  .NET (C#, Visual Basic)                            ✓     ✓
  Python                                             ✓     ✓
  Ruby                                               ✓     ✓
Commercial SAST tool support
  Checkmarx                                                ✓
  Coverity                                                 ✓
  HP Fortify                                               ✓
  IBM AppScan                                              ✓
  Parasoft                                                 ✓
  Veracode                                                 ✓
  Armorize CodeSecure                                      ✓
  GrammaTech CodeSonar                                     ✓
  WhiteHat Sentinel Source                                 ✓
IDE support
  MS Visual Studio                                   ✓     ✓
  Eclipse                                            ✓     ✓
Issue tracking support
  JIRA                                               ✓     ✓
Continuous integration support
  Jenkins                                            ✓     ✓
REST API                                             ✓     ✓
Version control system support
  Git                                                ✓     ✓
3rd party software library checkers
  OWASP Dependency-Check                             ✓     ✓
  Retire.js                                          ✓     ✓
Free & open source SAST tool support
  Android Lint                                             ✓
  Clang                                                    ✓
  ErrorProne                                               ✓
  Jlint                                                    ✓
  OCLint                                                   ✓
  Brakeman                                           ✓     ✓
  CAT.NET                                            ✓     ✓
  CheckStyle                                         ✓     ✓
  CppCheck                                           ✓     ✓
  FindBugs                                           ✓     ✓
  FxCop                                              ✓     ✓
  Gendarme                                           ✓     ✓
  JSHint                                             ✓     ✓
  PMD                                                ✓     ✓
  Pylint                                             ✓     ✓
Free, open source & commercial DAST tool support
  Acunetix                                                 ✓
  Arachni                                                  ✓
  Burp Suite                                               ✓
  HP WebInspect                                            ✓
  IBM AppScan                                              ✓
  Netsparker                                               ✓
  OWASP ZAP                                                ✓
  Veracode                                                 ✓
  WhiteHat Sentinel Dynamic                                ✓

Code Dx Standard Edition (SE)

The Standard Edition gives you the power to start writing secure applications quickly, efficiently and inexpensively. Just load your source code into Code Dx and it will automatically select the appropriate tools for finding weaknesses.

Code Dx Enterprise Edition (EE)

The Enterprise Edition provides all of the powerful features of the Standard Edition, and it expands your coverage by working seamlessly with commercial static and dynamic testing tools. At the same time, it allows for findings to be added manually. The correlation, normalization and de-duplication of results from multiple tools produces a consolidated set of results, with greater coverage of vulnerabilities and a better assessment of your overall software security risk.

KEY FEATURES

- Contains over 1,500 configurable security/quality rules covering multiple programming languages
- Automatically configures and runs many bundled static source code analysis tools
- Checks third-party software component libraries for known vulnerabilities
- Maps results to the Common Weakness Enumeration (CWE) and industry standards (OWASP Top 10, SANS Top 25, PCI-DSS and others)
- Combines and normalizes the output of multiple SAST tools, third-party vulnerabilities, DAST tools (EE only) and manual findings (EE only) into a single consolidated set of results on a common severity scale
- Merges duplicate results with customizable correlation logic
- Visual analytics for triage and prioritization of software weaknesses
- Robust data filtering supports detailed drill-down and organization of weaknesses
- Links correlated weaknesses to specific lines of source code
- Search filter capability enables in-depth exploration of results
- Browser-based user interface used to assign, collaborate, and track weakness remediation
- Generates customizable CSV, XML and PDF assessment reports
- Plug-ins provide support for popular Integrated Development Environments (Eclipse/Visual Studio) and continuous integration environments (Jenkins)
- REST API enables integration with automated build servers
- Integrates with the popular JIRA Issue Tracker and provides support for custom JIRA fields
- Integrates with the Git Version Control System
- Supports XML input for integration with custom or proprietary analysis tools

Specifications

Code Dx is a browser-based application that you install locally. The application runs on Windows, Linux and Mac platforms, and all modern browsers are supported.

About Code Dx

Code Dx grew out of research funded by the Department of Homeland Security Science & Technology (DHS S&T) Directorate. DHS is committed to improving the security of the nation’s information infrastructure.

Code Dx is proud to be a part of the DHS S&T Software Assurance Marketplace (SWAMP), a collaborative marketplace for continuous software assurance.
