Checkmarx

Checkmarx is a software security company and vendor, founded in 2006, whose products identify and remove security vulnerabilities from software applications. Its initial funding was provided by Ofer Brothers Group.
Security Research
Checkmarx runs the Checkmarx Research Labs, which researches various security issues and presents its results at security conferences such as OWASP Israel. Recent works of the lab include Decompilation Injection, ReDoS (Regular Expression Denial of Service) Revisited and Checkmarx Virtual Compiler.
Products
Checkmarx's static code analysis (SAST) products focus on vulnerability detection and remediation, secure development and auditing, and security reporting and metrics. All of them use CxQL, the Checkmarx Query Language, to query the source code.
CxQL
CxQL (Checkmarx Query Language) is a query language by Checkmarx used for querying analyzed source code for security vulnerabilities, best coding practices, or any other issue an auditor would like to investigate within a codebase.
CxQL resembles a database query language. It is part of Checkmarx's CxSuite. The tools were built to scan sources (the actual text files), analyze them, and let CxQL queries search them for security vulnerabilities and other issues.
A query can select program elements with particular characteristics and find the connections between them using data flow graphs.
For example:

CxList input = All.FindByName("*Input");              // sources: every element whose name ends in "Input"
CxList clean = All.FindByShortName("sanitize");       // sanitizers: every call to a method named sanitize
CxList execute = All.FindByShortName("callDatabase"); // sinks: every call to a method named callDatabase
result = execute.InfluencedByAndNotSanitized(input, clean); // sinks fed by a source with no sanitizer on the path

The query therefore finds vulnerabilities in both the flow and the structure of the program: result holds every callDatabase call that an *Input element influences along a data-flow path that never passes through sanitize. A sink that is reached only through the sanitizer is not reported, while a second, unsanitized path to the same kind of sink still is.
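To make the semantics of that query concrete, here is an added example (not Checkmarx code, and not CxQL, which only runs inside CxSuite): a toy data-flow graph for a small method, constructed by hand, plus Python functions that mimic FindByName, FindByShortName and InfluencedByAndNotSanitized on it. The node ids, the graph and the helper names are assumptions made for illustration; the point is that the query is a reachability search from sources to sinks that is cut at every sanitizer node, and that it reports the flow that reached each sink.

```python
# Added example: a toy model of the CxQL query on this page, written in Python
# so it can run outside CxSuite. The program graph, node ids and function
# names are constructed assumptions, not Checkmarx's implementation.
from collections import deque
from fnmatch import fnmatchcase

# Constructed data-flow graph for a small method, roughly:
#   String userInput = request.getParameter("id");
#   String safe = Utils.sanitize(userInput);
#   Dao.callDatabase("SELECT ... WHERE id=" + safe);       // reached via sanitizer
#   Dao.callDatabase("SELECT ... WHERE id=" + userInput);  // reached directly
#   Logger.info(userInput);
# Node id -> fully qualified name (short name = part after the last '.').
NODES = {
    "param": "request.getParameter",
    "userInput": "userInput",
    "sanitize": "Utils.sanitize",
    "safe": "safe",
    "concat1": "concat",
    "concat2": "concat",
    "db1": "Dao.callDatabase",
    "db2": "Dao.callDatabase",
    "log": "Logger.info",
}
# Edges: the value of the key flows into each listed node.
EDGES = {
    "param": ["userInput"],
    "userInput": ["sanitize", "concat2", "log"],
    "sanitize": ["safe"],
    "safe": ["concat1"],
    "concat1": ["db1"],
    "concat2": ["db2"],
    "db1": [],
    "db2": [],
    "log": [],
}


def short_name(full_name):
    return full_name.rsplit(".", 1)[-1]


def find_by_name(pattern):
    """Like All.FindByName: '*' wildcard match on the full name."""
    return {nid for nid, full in NODES.items() if fnmatchcase(full, pattern)}


def find_by_short_name(name):
    """Like All.FindByShortName: exact match on the unqualified name."""
    return {nid for nid, full in NODES.items() if short_name(full) == name}


def _trace(parent, node):
    path = []
    while node is not None:
        path.append(node)
        node = parent[node]
    return path[::-1]


def influenced_by_and_not_sanitized(targets, sources, sanitizers):
    """Targets reachable from any source along a flow that visits no sanitizer.

    Returns {target_id: flow path} so each finding carries its trace. A sink
    reached only through a sanitizer node is never entered and not reported.
    """
    findings = {}
    for src in sources:
        parent = {src: None}
        queue = deque([src])
        while queue:
            node = queue.popleft()
            if node in targets and node not in findings:
                findings[node] = _trace(parent, node)
            for nxt in EDGES.get(node, ()):
                if nxt in sanitizers or nxt in parent:
                    continue  # cut the sanitized branch; skip visited nodes
                parent[nxt] = node
                queue.append(nxt)
    return findings


def run_query():
    """Mirror of the page's four CxQL lines, evaluated on the constructed graph."""
    inputs = find_by_name("*Input")
    clean = find_by_short_name("sanitize")
    execute = find_by_short_name("callDatabase")
    return influenced_by_and_not_sanitized(execute, inputs, clean)


if __name__ == "__main__":
    for sink, path in run_query().items():
        print(f"{NODES[sink]} reached unsanitized via: {' -> '.join(path)}")
```

Running it reports only the second callDatabase call (db2), with the trace userInput -> concat2 -> db2; the first call is reached only through sanitize and is silent. Passing an empty sanitizer set instead flags both calls, which is the usual way to check whether a query's sanitizer list, rather than a genuine fix, is what makes a finding disappear.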
Programming languages that are supported and can be queried: .NET, Java, C/C++, Classic ASP, and Salesforce.com's APEX and Visualforce.