Friday, March 14, 2025

Introducing the Checkmarx One Query Editor


Accuracy and Flexibility in SAST

One of the biggest challenges of Static Application Security Testing (SAST) has long been accuracy. All SAST solutions struggle with accuracy, producing either false positives (unfounded alerts) or false negatives (missed vulnerabilities). This will always be a concern, so choosing the best SAST solution comes down to measuring accuracy.

At Checkmarx, our SAST tools improve accuracy. Our SAST solution uses queries to facilitate search customization and provides an adaptive scanning engine, real-time scanning, AI tools, and auto-remediation.

What Are Queries and Why Are They Important?

Queries are the secret sauce of SAST scans. What exactly is a query? A query is a vulnerability rule. All SAST engines use queries to find vulnerabilities and achieve higher fidelity.

“Queries are building blocks for identifying potential vulnerabilities and critical for filtering through the noise to avoid sending false positives and false negatives to your developers. Understanding queries allows AppSec teams and developers to prioritize your efforts, and promptly address the most critical issues.”

All SAST engines use queries to find vulnerabilities. However, most SAST solutions don’t let you customize the rules or modify queries. In those cases, users are chained to the vulnerabilities that the solution chooses to look for. The lack of customization results in more false positives or missed vulnerabilities.

Checkmarx SAST is the only solution that provides the flexibility to customize queries, resulting in fewer false positives without creating false negatives, for more accurate results.

“Checkmarx SAST includes pre-built queries (and presets) written in the Checkmarx Query Language (CxQL). These identify common security issues such as SQL injection, cross-site scripting, and insecure access controls, providing an easier way to start securing applications out of the box.”

See how queries work. 

Tailored Presets & Custom Queries


Checkmarx SAST empowers you to customize queries based on your specific needs. As we described in a previous post:

A common use case that neatly highlights the benefits of customizing queries can be found in cross-site scripting (XSS) findings where a false positive occurs because of an in-house sanitizer method that isn’t included in the Checkmarx One default out-of-the-box query. We can simply add this method to the appropriate CxQL query and rescan the project to remove the false positive.
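To make the mechanism behind that false positive concrete, here is an added toy taint tracker (example code, not Checkmarx or CxQL code) over a constructed mini-IR: an unrecognized in-house sanitizer leaves the flow tainted, so the sink is reported; extending the sanitizer set removes that finding while a genuinely unsanitized flow is still reported. All sanitizer and method names are hypothetical.

```python
from dataclasses import dataclass

# Constructed stand-in for an out-of-the-box sanitizer list (hypothetical names).
DEFAULT_XSS_SANITIZERS = frozenset({"escapeHtml", "encodeForHTML"})


@dataclass
class Finding:
    sink_line: int
    variable: str
    path: list  # statement numbers from source to sink


def find_xss(program, sanitizers=DEFAULT_XSS_SANITIZERS):
    """Propagate taint through sequential mini-IR statements:
    'source V' | 'call DST FN SRC' | 'assign DST SRC' | 'sink V'."""
    tainted = {}  # variable -> statement numbers carrying its taint
    findings = []
    for n, stmt in enumerate(program, 1):
        op, *args = stmt.split()
        if op == "source":  # e.g. V = request.getParameter(...)
            tainted[args[0]] = [n]
        elif op in ("call", "assign"):  # DST = FN(SRC) or DST = SRC
            dst, fn, src = args if op == "call" else (args[0], None, args[1])
            if src in tainted and fn not in sanitizers:  # a known sanitizer breaks the flow
                tainted[dst] = tainted[src] + [n]
            else:
                tainted.pop(dst, None)
        elif op == "sink":  # e.g. response.getWriter().print(V)
            if args[0] in tainted:
                findings.append(Finding(n, args[0], tainted[args[0]] + [n]))
    return findings


# Constructed program: one flow through an in-house sanitizer, one genuinely unsafe flow.
PROGRAM = [
    "source name",                                # name = request.getParameter("name")
    "call safeName InHouseSanitizer.clean name",  # safeName = InHouseSanitizer.clean(name)
    "sink safeName",                              # out.print(safeName)  <- FP with default list
    "source comment",                             # comment = request.getParameter("c")
    "call shout toUpperCase comment",             # shout = comment.toUpperCase()  (not a sanitizer)
    "sink shout",                                 # out.print(shout)     <- true positive
]

if __name__ == "__main__":
    print([f.sink_line for f in find_xss(PROGRAM)])              # [3, 6]: one false positive
    tuned = DEFAULT_XSS_SANITIZERS | {"InHouseSanitizer.clean"}  # the customization step
    print([f.sink_line for f in find_xss(PROGRAM, tuned)])       # [6]: FP removed, TP kept
```

The same model shows the caveat: adding a method that does not actually neutralize the payload (toUpperCase here) would suppress the true positive at line 6 and turn it into a false negative, so only verified sanitizers belong in the query.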

Introducing the Improved Checkmarx Query Editor

Long-time Checkmarx users are probably familiar with CxAudit, our query editor for CxSAST. Our updated Checkmarx Query Editor brings features of CxAudit that were previously missing to Checkmarx One! Built with customer experience in mind, this powerful tool is designed to make query editing even easier.

What’s New

Our updated Query Editor focuses on enhancing usability and improving workflow efficiency. Here’s a closer look at what’s new:

  • Friendly and intuitive user interface – We’ve revamped the look and feel of the Query Editor, making it easier to navigate and understand, and intuitive to use. The design is modular, allowing users to customize their workspace to suit their needs. You can focus on specific elements or get a broader view of your project. This flexibility ensures that you can work in the way that is most comfortable for you.
  • Language-specific query view (Edit mode) – Navigating through projects to find specific queries can be time-consuming. That’s why we’ve introduced a language-specific view. Now, you can select a programming language and instantly access all queries related to that language across all projects. This eliminates the need to search through each project individually, saving you valuable time.
  • Hide empty queries – To further streamline your workflow, we’ve added a new mode that hides empty queries. This removes any queries that didn’t return results. This can help to declutter your workspace and let you focus on the queries that need your attention.
  • Scan history – Understanding the history of your scans is essential for tracking progress. Our new scan history feature provides a comprehensive log of past scans. You can easily review past scans, compare results, and identify patterns that inform future decisions.

Access and Use It

The Query Editor is accessible and seamlessly integrated into Checkmarx One. Simply navigate to the queries section and start! You can open the Query Editor associated with a project or open it independent of any project. Get the full documentation here.

Get Started Today

The new Checkmarx One Query Editor simplifies the process of customizing security scans. With an intuitive interface and features like language-specific views and scan history, it helps you prioritize your focus. By reducing false positives and negatives, the Query Editor helps you complete your work and secure your applications more efficiently. Start using the Checkmarx Query Editor today and enhance your application security with ease and precision.

Still not on Checkmarx One? Contact us to discuss how you can migrate from CxSAST or another vendor to Checkmarx One today.
