Checkmarx CxDeveloper
CxDeveloper Works the Way You Do
Software developers need tools that allow them to create and update their code quickly and accurately. With modern agile and classic iterative processes, it's critical not to slow things down or add unnecessary overhead to daily activities. Software teams have historically been saddled with expensive static analysis tools that had high false positive rates and required significant consulting to integrate them into the development process. Trust in the tools is low when false positive rates are high. Every reported issue needs to be verified, which dramatically increases the amount of time teams spend in code review, which in turn may lead to a reduction in overall usage, and perhaps even abandoning the practice altogether.

Benefits
High Performance: Minimal false positives; High KLOC throughput; 32 & 64 bit operation; Multiple languages: C/C++, Java, C#, APEX
CxQL Embedded Query Language: Completely extensible; Interactive Development; Rapid updates to threats
Integration: Stand alone or IDE; Visual Studio 2005, 2008; Eclipse 3

CxDeveloper is the next generation of static security analysis tooling for .NET and J2EE environments. Employing high performance in-memory code models and a purpose-built query language, CxDeveloper, part of the static analysis family of products from Checkmarx, is the fastest, most accurate and most extensible static security analysis tool on the market. False positive rates are extremely low because the entire code path, from presentation back to root cause, is verified before it's reported as a defect. Hundreds of out-of-the-box queries allow developers to cover a wide range of vulnerability checks with virtually zero false-positives. Step-by-step wizards guide developers through the process of analyzing the code to produce the most accurate and useful results. Integration with Visual Studio allows audit, scanning and analysis activities to be executed from within the shell, while a complete standalone UI, as well as CLI capability, meets the needs of security auditors and continuous integration environments.
Fast and Accurate Static Analysis
Static analysis is an automated code review mechanism that allows development teams to scan their source code for programming errors, including those that lead to security vulnerabilities. Using analysis tools in the normal manual review process can speed things up immensely by quickly uncovering known patterns of failure and alerting developers.
Try CxDeveloper on Your Code - Free - For a Limited Time
Get a free source code scan of up to 10,000 lines of code. With virtually zero false-positives, this highly accurate tool is sure to surprise you if you are using other tools available in the market today. Call +1.978.694.1008, ext. 24 for details, or email.
What to Look for When Choosing a Source Code Analysis (SCA) Solution
Accurate and rapid results
Virtually zero false-positives
Valuable results for effective remediation
Low overhead and trouble-free deployment
Scanning near-compiling code
Coverage of Vulnerability Types
Configurable Queries
Scalability
Cost Effective
Usability
Technical Specifications
| System Requirements | Supported Platforms | Supported Languages |
| Windows XP, Vista, Windows Server 2003/2008 | Microsoft .NET | C/C++ |
| 2 GHz CPU (32 or 64 bit) | J2EE | Java |
| 2 GB RAM minimum | | C# |
| 200 MB disk space | | APEX |
| | | Easily adaptable for other languages |



