AST Digital Magazine June 2017 Digital-June | Page 61
Volume 13
tus of third-party libraries that may be built into the code.
Enterprise then automatically consolidates the findings of these pre-configured tools with the vulnerabilities found by other commercial or open source static and dynamic tests and by manual code reviews, and then removes duplicates.
(Watch and Learn… The award-winning Code Dx solution integrates the results of multiple static and dynamic Application Security Testing (AST) tools and manual reviews into a consolidated set of results for quick and easy triage, prioritization and remediation. Courtesy of Code Dx and YouTube)
It also maps all the findings to industry and government standards, so that the user can rapidly see which vulnerabilities are potential violations of HIPAA, PCI or DISA STIG regulations.

Additionally, it can be used when source code is not available to the security analyst, working from the results of DAST alone (i.e. automated penetration testing conducted while the code is running).

Finally, Enterprise does its work within the integrated development environment, so developers and security analysts can conduct their security tests and remediate the problems within their normal workflow.
Code Dx Enterprise Key Features – Extends software vulnerability management to include results of hybrid application security testing techniques: static, dynamic and manual analyses
• Includes all of the features in Stat!
• Enables manual entry of independently identified weaknesses, for example, from manual code reviews
• Integrates the results from multiple commercial static source code analysis testing tools – see a list of commercial SAST tools that Code Dx supports.
• Provides support for several dynamic application security testing tools – see a list of open source and commercial DAST tools that Code Dx supports.
• Combines and normalizes the output of SAST and Dynamic Application Security Testing (DAST) tools, third-party vulnerabilities and manual findings into a consolidated set of results on a common severity scale
• New Tool Connectors allow configuration and integration with third-party analysis tools (such as WhiteHat Sentinel and Checkmarx CxSAST), providing automatic incorporation of tool results into the Code Dx Enterprise analysis result set
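The consolidation the article describes (pulling SAST, DAST and manual findings onto one severity scale, removing duplicates, and tagging each finding with the standards it may violate) is easier to reason about with a small worked model. The following is an added example written for this page; it is not Code Dx code and does not reflect how Code Dx Enterprise is implemented. The tool names, severity vocabularies, input records and the CWE-to-standard table are all constructed for the illustration (the two PCI DSS requirement numbers are real, but treating them as the full mapping for those CWEs is an assumption). It also shows the DAST-only case from the text: a finding reported against a URL and parameter, with no source file, is kept as its own result rather than being forced to match a source location.

```python
"""Illustrative correlation of application-security findings from several
sources into one deduplicated, severity-normalised result set.

Added example for this article; NOT Code Dx code. Tool names, severity
vocabularies, input records and the standards table are constructed.
"""
from dataclasses import dataclass, field

# Common severity scale every source is translated onto (higher = worse).
COMMON_SCALE = {"info": 0, "low": 1, "medium": 2, "high": 3, "critical": 4}

# Each source uses its own severity words; these translations are assumed.
SEVERITY_MAPS = {
    "sast-tool": {"Minor": "low", "Major": "medium", "Critical": "high",
                  "Blocker": "critical"},
    "dast-tool": {"1": "low", "2": "medium", "3": "high"},   # numeric risk rating
    "manual":    {"low": "low", "medium": "medium", "high": "high"},
}

# Illustrative CWE -> standard-control mapping (assumed for this example).
STANDARDS = {
    "CWE-89": ["PCI DSS 6.5.1"],   # injection flaws
    "CWE-79": ["PCI DSS 6.5.7"],   # cross-site scripting
}


@dataclass
class Finding:
    cwe: str
    location: str                  # "file:line" for code, "url#param" for DAST
    severity: int                  # value on COMMON_SCALE
    sources: list = field(default_factory=list)
    standards: list = field(default_factory=list)


def normalise(source: str, raw: dict) -> Finding:
    """Translate one tool's raw record into the common representation.

    An unrecognised severity word maps to "info" rather than being dropped,
    so a tool that changes its vocabulary still surfaces in the results.
    """
    level = SEVERITY_MAPS[source].get(str(raw["severity"]), "info")
    if "file" in raw:                       # SAST / manual review: source location
        location = f"{raw['file']}:{raw['line']}"
    else:                                   # DAST: no source, key on the request
        location = f"{raw['url']}#{raw['param']}"
    return Finding(raw["cwe"], location, COMMON_SCALE[level],
                   [source], list(STANDARDS.get(raw["cwe"], [])))


def consolidate(records) -> list:
    """Merge (source, raw_record) pairs into a deduplicated list.

    Two findings are duplicates when they report the same CWE at the same
    location; the merged entry keeps the worst severity and every source
    that reported it. Results are ordered worst-first for triage.
    """
    merged = {}
    for source, raw in records:
        f = normalise(source, raw)
        key = (f.cwe, f.location)
        if key in merged:
            m = merged[key]
            m.severity = max(m.severity, f.severity)
            for s in f.sources:
                if s not in m.sources:
                    m.sources.append(s)
        else:
            merged[key] = f
    return sorted(merged.values(),
                  key=lambda f: (-f.severity, f.cwe, f.location))


# Constructed sample input: two tools plus a manual review, with one overlap
# (SAST and manual hit the same SQL injection) and one DAST rescan duplicate.
SAMPLE = [
    ("sast-tool", {"cwe": "CWE-89", "file": "app/db.py", "line": 42,
                   "severity": "Major"}),
    ("manual",    {"cwe": "CWE-89", "file": "app/db.py", "line": 42,
                   "severity": "high"}),
    ("sast-tool", {"cwe": "CWE-798", "file": "app/config.py", "line": 7,
                   "severity": "Blocker"}),
    ("dast-tool", {"cwe": "CWE-79", "url": "https://example.test/search",
                   "param": "q", "severity": 3}),
    ("dast-tool", {"cwe": "CWE-79", "url": "https://example.test/search",
                   "param": "q", "severity": 2}),
]


if __name__ == "__main__":
    for f in consolidate(SAMPLE):
        print(f"sev={f.severity} {f.cwe:8} {f.location:40} "
              f"sources={','.join(f.sources)} standards={f.standards or '-'}")
```

Running the block prints three rows instead of the five input records: the hard-coded credential (CWE-798) comes first at the top of the scale with no standard attached, which is the case a practitioner wants to notice (unmapped is not the same as compliant); the SQL injection appears once, at the manual reviewer's "high" rather than the tool's "Major", with both sources listed; and the XSS from the DAST rescan collapses to one entry keyed on the URL and parameter.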
Code Dx Enterprise differentiates itself from its competitors on ease of use, affordability, the number and types of static and dynamic testing tools supported, and seamless integration into software development environments.

It is priced on a simple per-user license and is not based on the number of applications or the number of lines of code, as some competitor products are.

It runs on standard application hardware; supports Windows, Mac and Linux; and has no special deployment requirements.
The technology underlying this solution was initially developed as part of a DHS-funded R&D project to make it easier to conduct and analyze multiple application security tests through the development lifecycle, and to reduce the barriers to securing the software supply chain.

The people working on this R&D started Code Dx, Inc. to mature the technology into the commercial