What is CodeSecure™
Armorize CodeSecure™ is a static source code analysis platform that leverages third generation software verification technologies to identify web application vulnerabilities throughout development. Our web-based solution provides automated compiler-independent code analysis that models tainted dataflow within the application. Reports pinpoint vulnerable code locations and offer prioritized remediation guidance, while SmartWAF™ integration facilitates immediate hot-fix remediation. CodeSecure™ offers proactive and cost-effective remediation for vulnerable code, representing a low-cost, risk-free alternative to the common build-first secure-later paradigm.
CodeSecure™ Advantages
Proactive Vulnerability Remediation
- Identifies vulnerable Web application source code throughout the application life cycle
- Facilitates early, efficient and cost-effective vulnerability remediation
- Detects vulnerabilities in ASP.NET, VB.NET, C#, Java/J2EE, JSP, EJB, PHP, Classic ASP and VBScript
- Models Web application behavior and traces data flow from entry point to vulnerable file
- Calculates outcome of tainted input propagation through the application
- Scans source code non-intrusively with no impact on running applications
- Integrates with code repository to enable automated code retrieval and analysis
- Aligns secure coding efforts with development processes by integrating with IDE and code check-in
Third Generation Technology
- Network appliance provides Web accessible role-based project and scan management interface
- Built-in language parsers facilitate compiler-independent analysis and flexible deployment
- Advanced formal verification algorithms and compiler-independence ensure fast and accurate vulnerability detection
- Compiler-independent analysis engine requires only source code access; there is no build-integration requirement
- Advanced Traceback feature traces tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
Precision and Coverage
- Built-in language parsers analyze source code independent of build environment
- Advanced formal verification algorithms and compiler-independence ensure extremely low false positive rates (<1%)
- Advanced Traceback feature tracks tainted input from source code entry point, across functions, classes and files to resulting vulnerabilities
- Interactive Web-based reports pinpoint vulnerable code locations
Advanced Reporting
- Offers interactive analysis and reporting via Web interface
- Includes detailed Traceback describing tainted data flow within application
- Highlights vulnerable security-related entry points, functions, and classes
- Prioritizes risk-based vulnerability remediation activities
- Provides remediation guidance with detailed sample exploitation and remediation code
- Automates customized technical and executive report distribution
- Supports PDF, HTML, XML reports and WAF export integration
Low Overhead
- Web-based plug and play appliance deploys in minutes providing immediate multi-user access
- IDE Integration facilitates rapid operational adoption with minimal impact on established coding practices
- Web interface and onboard language parsers ensure zero installation overhead and build-environment independent operation
- Automated policy assignment, source code retrieval and scan scheduling reduce management overhead
- Active Directory integration eases access control management
- SmartWAF™ integration enables immediate vulnerability remediation (hot-fixing)
CodeSecure™ Verifier
The CodeSecure™ Verifier appliance hosts the source code analysis and verification engine. Accessed via Web browser, Verifier offers a proactive scalable Web application security solution.
- Delivers a centralized source code analysis platform for developers, managers and security personnel
- Facilitates simultaneous multi-project, multi-user and multi-platform code analysis
- Features intuitive Web interface for easy installation, setup and integration
CodeSecure™ is available as an enterprise level appliance, as a mobile appliance suitable for auditors and consultants or as a hosted Software-as-a-Service (SaaS) accessed through an Internet browser.
CodeSecure™ Workbench
CodeSecure™ Workbench facilitates source code analysis from within the developer IDE.
- Downloadable IDE plug-in integrates with Visual Studio and Eclipse
- IDE integration facilitates desktop-level scanning, analysis and remediation
- Verifier integration ensures IDE scans do not consume developer PC resources
- Policy integration allows uniform scan configuration across developer IDEs
CodeSecure™ Analysis: Scan Results and Reports
CodeSecure™ Dashboard: Project and Scan Overview
CodeSecure™ .NET WorkBench: VisualStudio Integration
CodeSecure™ Eclipse Plugin: Java and PHP