CodeSecure™ implements complex Static Source Code Analysis and Verification technology on a Web-based plug-and-play appliance. This low-overhead solution ensures vulnerability-free and hacker-proof web applications, and represents a more cost-effective and lower-risk alternative to the common build-first secure-later paradigm.
- Web-based automated Static Source Code Analysis and Verification platform.
- Onboard compiler for assessment of Java, PHP, ASP and .NET web application source code.
- Appliance-based browser-accessible solution requires no additional hardware, software installation or integration with build server.
- Ease of installation and configuration with minimal overheads and maximum scalability across the enterprise
- Detects vulnerabilities early in the Software Development Life Cycle (SDLC), such as Dataflow attacks, Cross Site Scripting (XSS), Injection (SQL, File, XPATH, reflection, etc.), File Inclusion/execution & Information Leakage.
- Non-intrusive source code scans pinpoint the exact vulnerability, providing a trace between the attack entry point and the vulnerable statement. This allows developers to see the direct relationship between their coding practices and the overall security posture of the application.
- Enterprise interface and IDE-integration ensure that vulnerabilities are identified, understood and remedied with minimal cost and impact on project progress.
- CodeSecure™ is available as an enterprise-level appliance or as a hosted software service
For more information, download the CodeSecure™ Brochure
CodeSecure™ Workbench, designed for the individual developer, offers source code analysis from within the developer IDE.
- Plug-in downloaded directly from CodeSecure™ Verifier, integrates with developer IDE
- Leverages the appliance’s enterprise-level resources to scan developer’s code
- Provides an easily navigable desktop environment in which source code vulnerabilities can be detected, analyzed and removed.
- Desktop level scans can be controlled by enterprise-level policies
At the heart of the CodeSecure™ environment is CodeSecure™ Verifier. This enterprise-level pattern-free, static source code analysis and verification appliance offers the following:
- Centralized source code analysis platform for developers, managers and security personnel
- Simultaneous scanning of multiple projects across multiple platforms and programming languages
- Ease of installation, setup and integration with the source code repository
- Integration with development processes ensuring a code security mindset from the outset.
For more information on CodeSecure™ Verifier platform, download the CodeSecure™ Verifier Datasheet
With its built-in support for PHP, Java, .NET and ASP, CodeSecure™ does not require any integration with the build server. Once the appliance is on the network, source code scanning projects are set up through the browser interface in 5 easy steps.
- Create project specifying language type & source code location
- Set Scanning policies
- Run on-demand scan or set schedule
- Set reporting options (Detail, format, distribution, etc.)
- Run the Scan