12.09.2015
Code Dx, Inc., a provider of a robust suite of fast and affordable tools that help software developers, testers and security analysts find, prioritize and manage software vulnerabilities, today announced version 2.0 of its Software Vulnerability Management System.
Code Dx 2.0 now offers support for results from DAST (Dynamic Application Security Testing) and Android mobile application security analyses in the Enterprise Edition, along with JIRA integration and many other enhancements in both the Standard and Enterprise Editions. The Code Dx centralized console provides users with a consolidated interface to easily and cost-effectively identify and manage vulnerabilities in their software code.
“Due to the majority of cyber breaches that are caused by weaknesses in software code, application security testing has become a necessity,” said Anita D’Amico, Ph.D., CEO for Code Dx. “Since no one tool can find even the majority of the weaknesses, it is recommended to use multiple tools. Code Dx enables users to leverage the power of hybrid analysis techniques–multiple commercial and open source SAST and DAST tools, third-party component analysis and manual code review–and then correlates and consolidates the findings in one user interface for easy management and remediation. The addition of DAST tools support in Code Dx 2.0 is a significant enhancement that will improve code coverage for users.”
The research and development for Code Dx was partially funded by the Department of Homeland Security Science & Technology (DHS S&T) Directorate. Some of the new features and functionality in Code Dx 2.0 include:
• DAST tools support including: Acunetix, Arachni, BurpSuite, HP WebInspect, IBM AppScan, Netsparker, OWASP ZAP, and Veracode (Enterprise Edition)
• Support for Android mobile application security analysis (Enterprise Edition)
• JIRA issue tracker integration allowing users to associate Code Dx findings with JIRA issues and assign them to the development team for remediation
• Merging of duplicate results with customizable correlation logic
• Incremental data upload enabling users to upload results one at a time
• Maps results to the Common Weakness Enumeration (CWE) and eight industry standards (OWASP Top 10; CWE/SANS Top 25; CERT Java and C/C++ coding standards; Seven Pernicious Kingdoms (7PK); Web Application Security Consortium (WASC); Comprehensive, Lightweight Application Security Process (CLASP); and Software Fault Patterns (SFP))
• Advanced search filter capabilities enable in-depth exploration of results to find vulnerability details
• Carry-over triage settings and comments from tools, streamlining the triage process
Availability:
Code Dx is a low-cost and practical first step towards establishing a software assurance program within an organization or enhancing an existing software assurance program. Code Dx Standard Edition Version 2.0 and Code Dx Enterprise Edition Version 2.0 are available worldwide.
Code Dx Free 30-Day Trial:
To download a trial of the Code Dx Standard Edition, please visit: http://codedx.com/download-free-trial or email trial@codedx.com. To arrange for an evaluation copy of the Code Dx Enterprise Edition, please email trial@codedx.com.
codedx.com