Armorize CodeSecure™ is the most advanced web application security solution of its kind. This web-based, automated Static Source Code Analysis and Verification platform provides compiler-independent assessment of web application source code, detecting vulnerabilities and offering guidance on remediation. CodeSecure™ is highly efficient in identifying vulnerabilities such as Cross Site Scripting (XSS) and SQL Injection and, as a web-based solution, CodeSecure™ offers a scalable and flexible deployment strategy.

By deploying CodeSecure™ early in the Software Development Life Cycle (SDLC), vulnerabilities are identified, understood, and remedied by the developers with minimal cost and impact on project progress. Removal of exploitable code from an application while still in development ensures the product is released without vulnerabilities to scripting and injection exploits. By addressing this important security step from the outset, businesses display due diligence, minimizing risk of compromise and facilitating legal/regulatory compliance at minimal cost.

CodeSecure™ was developed with Web application security in mind, and Armorize has committed extensive energy and resources into developing an easily integrated, easily managed secure coding framework.

CodeSecure™ can be deployed as an enterprise-level appliance or as a hosted software service.

As a compiler-independent static analysis and verification solution, CodeSecure™ leverages 3rd generation technology to detect vulnerabilities in web application source code. During scanning, CodeSecure™ forms an overall picture of the application, assessing the programming grammar, performing pure data-flow and control-flow analysis on each line of code, and systematically checking for vulnerabilities and tainted variables.

As CodeSecure™ is not based on attack signatures but on pattern-free algorithms, it determines the behavioral outcomes of input data by calculating all possible execution paths. It is extremely effective in finding instances of code that make the web application vulnerable to exploits such as Dataflow attacks, Cross Site Scripting (XSS), Injection (SQL, File, XPATH, reflection), File Inclusion, Malicious File Execution and Information Leakage.

During analysis, each vulnerability is traced back to the original entry point and line of code that caused it. By providing this map of the vulnerability propagation through the application, CodeSecure™ allows developers to see the direct relationship between their coding practices and the overall security posture of the application.

Ease of Installation, Configuration and Use

• Third Generation Application Security Technology:
• Broad support
• Ease of Use
• Centralized Access
• Role-Based Access Controls
• Customizable Reports
• Vulnerability navigation within IDE
• Compatibility
• Low Total Cost of Ownership (TCO):
• Centralization of Resources
• Reliability