CodeSecure – Security Code Review Engine

CodeSecure™ implements complex Static Source Code Analysis and Verification technology on a Web-based plug-and-play appliance. This low-overhead solution ensures vulnerability-free and hacker-proof web applications, and represents a more cost-effective and lower-risk alternative to the common build-first secure-later paradigm.


  • Web-based automated Static Source Code Analysis and Verification platform.
  • Onboard compiler for assessment of Java, PHP, ASP and .NET web application source code.
  • Appliance-based browser-accessible solution requires no additional hardware, software installation or integration with build server.
  • Ease of installation and configuration with minimal overheads and maximum scalability across the enterprise
  • Detects vulnerabilities early in the Software Development Life Cycle (SDLC), such as Dataflow attacks, Cross Site Scripting (XSS), Injection (SQL, File, XPATH, reflection, etc.), File Inclusion/execution & Information Leakage.
  • Non-intrusive source code scans pinpoint the exact vulnerability, providing a trace between the attack entry point and the vulnerable statement. This allows developers to see the direct relationship between their coding practices and the overall security posture of the application.
  • Enterprise interface and IDE-integration ensure that vulnerabilities are identified, understood and remedied with minimal cost and impact on project progress.
  • CodeSecure™ is available as an enterprise-level appliance or as a hosted software service

For more information, download the CodeSecure™ Brochure

CodeSecure™ Workbench

CodeSecure™ Workbench, designed for the individual developer, offers source code analysis from within the developer IDE.

  • Plug-in downloaded directly from CodeSecure™ Verifier, integrates with developer IDE
  • Leverages the appliance’s enterprise-level resources to scan developer’s code
  • Provides an easily navigable desktop environment in which source code vulnerabilities can be detected, analyzed and removed.
  • Desktop level scans can be controlled by enterprise-level policies

Automatic Code Review

CodeSecure™ Verifier

At the heart of the CodeSecure™ environment is CodeSecure™ Verifier. This enterprise-level, pattern-free static source code analysis and verification appliance offers the following:

  1. Centralized source code analysis platform for developers, managers and security personnel
  2. Simultaneous scanning of multiple projects across multiple platforms and programming languages
  3. Ease of installation, setup and integration with the source code repository
  4. Integration with development processes ensuring a code security mindset from the outset.

Security Code Review

For more information on CodeSecure™ Verifier platform, download the CodeSecure™ Verifier Datasheet

With its built-in support for PHP, Java, .NET and ASP, CodeSecure™ does not require any integration with the build server. Once the appliance is on the network, source code scanning projects are set up through the browser interface in 5 easy steps.

  1. Create project specifying language type & source code location
  2. Set Scanning policies
  3. Run on demand scan or set schedule
  4. Set reporting options (Detail, format, distribution, etc.)
  5. Run the Scan

Download the CodeSecure™ Brochure and Datasheet
