Accuracy and Flexibility in SAST
One of the major challenges of Static Application Security Testing (SAST) has long been accuracy. Every SAST solution struggles with it, producing false positives (alerts on code that is not actually vulnerable) and false negatives (real vulnerabilities that go unreported). This will always be a concern, so choosing the best SAST solution comes down to measuring accuracy.
At Checkmarx, our SAST tools improve accuracy. Our SAST solution uses queries to enable search customization, and provides an adaptive scanning engine, real-time scanning, AI tools, and auto-remediation.
What Are Queries and Why Are They Important?
Queries are the secret sauce of SAST scans. What exactly is a query? A query is a vulnerability rule: it tells the engine which code pattern or data flow (for example, untrusted input reaching a dangerous sink without passing through a recognized sanitizer) counts as a finding. All SAST engines use queries to find vulnerabilities and achieve higher fidelity.
“Queries are building blocks for identifying potential vulnerabilities and critical for filtering through the noise to avoid sending false positives and false negatives to your developers. Understanding queries enables AppSec teams and developers to prioritize your efforts, and promptly address the most critical issues.”
However, most SAST solutions don't let you customize the rules or modify queries. In those cases, users are locked into the vulnerabilities and patterns the vendor chose to look for, and that lack of customization leads to more false positives or missed vulnerabilities.
Checkmarx SAST is the only solution that provides the flexibility to customize queries, resulting in fewer false positives without creating false negatives, for more accurate results.
“Checkmarx SAST includes pre-built queries (and presets) written in the Checkmarx Query Language (CxQL). These identify common security issues such as SQL injection, cross-site scripting, and insecure access controls, providing an easier way to start securing applications out of the box.”
See how queries work.
Tailored Presets & Custom Queries
Checkmarx SAST empowers you to customize queries according to your specific needs. As we described in a previous post:
A common use case that neatly highlights the benefits of customizing queries can be found in cross-site scripting (XSS) vulnerability findings, where a false positive may be occurring because of the use of an in-house sanitizer method that isn't included in the Checkmarx One default out-of-the-box query. We can simply add this method to the appropriate CxQL query and rescan the project to remove the FP.
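To make that mechanism concrete, here is an added illustration written for this page. It is not Checkmarx code and not CxQL; it models a query as three name sets (sources, sinks, sanitizers) and runs a deliberately small straight-line taint check over constructed Python snippets. Every function name in the rule and in the sample (request_param, write_html, escape_html, acme_clean) is a hypothetical stand-in. It shows the default rule flagging the in-house sanitizer as a false positive, the tuned rule dropping that finding, and the genuinely unsanitized flow still being reported in both runs, which is the "lower false positives without new false negatives" outcome the text describes.

```python
"""Toy taint rule engine (added example; not Checkmarx or CxQL code).
A 'query' here is three name sets: sources that introduce untrusted data,
sinks where it becomes dangerous, sanitizers that clean it. All function
names in the rule and the sample are hypothetical stand-ins."""
import ast

# Hypothetical out-of-the-box XSS rule: trusts only the vendor-known sanitizer.
DEFAULT_XSS_RULE = {
    "sources": {"request_param"},   # untrusted HTTP parameter
    "sinks": {"write_html"},        # raw HTML written to the response
    "sanitizers": {"escape_html"},  # sanitizer the default rule knows
}


def customize(rule, extra_sanitizers):
    """Copy of `rule` that also trusts the given in-house sanitizers."""
    tuned = {key: set(names) for key, names in rule.items()}
    tuned["sanitizers"] |= set(extra_sanitizers)
    return tuned


def _call_name(call):
    """Called function's name for `f(...)` or `obj.f(...)`."""
    func = call.func
    return func.id if isinstance(func, ast.Name) else getattr(func, "attr", None)


def is_tainted(expr, tainted, rule):
    """True if `expr` may carry untrusted data. Source calls add taint,
    sanitizer calls clear it, other calls/concatenation/f-strings propagate it."""
    if isinstance(expr, ast.Name):
        return expr.id in tainted
    if isinstance(expr, ast.Call):
        name = _call_name(expr)
        if name in rule["sources"]:
            return True
        if name in rule["sanitizers"]:
            return False
        return any(is_tainted(a, tainted, rule) for a in expr.args)
    if isinstance(expr, ast.BinOp):
        return is_tainted(expr.left, tainted, rule) or is_tainted(expr.right, tainted, rule)
    if isinstance(expr, ast.JoinedStr):
        return any(is_tainted(v.value, tainted, rule)
                   for v in expr.values if isinstance(v, ast.FormattedValue))
    return False


def find_xss(source_code, rule):
    """(line, sink) for each sink call fed by unsanitized taint. Deliberately
    simple: straight-line statements per function, no branches or callees."""
    findings = []
    for fn in ast.walk(ast.parse(source_code)):
        if not isinstance(fn, ast.FunctionDef):
            continue
        tainted = set()
        for stmt in fn.body:
            if (isinstance(stmt, ast.Assign) and len(stmt.targets) == 1
                    and isinstance(stmt.targets[0], ast.Name)):
                if is_tainted(stmt.value, tainted, rule):
                    tainted.add(stmt.targets[0].id)
                else:
                    tainted.discard(stmt.targets[0].id)  # reassigned clean
            elif isinstance(stmt, ast.Expr) and isinstance(stmt.value, ast.Call):
                name = _call_name(stmt.value)
                if name in rule["sinks"] and any(
                        is_tainted(a, tainted, rule) for a in stmt.value.args):
                    findings.append((stmt.lineno, name))
    return findings


# Constructed sample under analysis; the sink calls sit on lines 5, 9 and 13.
SAMPLE = '''
def uses_inhouse_sanitizer():
    name = request_param("name")
    safe = acme_clean(name)   # in-house sanitizer the default rule knows nothing about
    write_html("<b>" + safe + "</b>")

def truly_vulnerable():
    name = request_param("name")
    write_html("<b>" + name + "</b>")

def uses_known_sanitizer():
    name = request_param("name")
    write_html(escape_html(name))
'''


def demo():
    """Findings with the default rule, then with acme_clean allowlisted."""
    before = find_xss(SAMPLE, DEFAULT_XSS_RULE)
    after = find_xss(SAMPLE, customize(DEFAULT_XSS_RULE, {"acme_clean"}))
    return before, after


if __name__ == "__main__":
    print(demo())  # line 5 reported only before tuning; line 9 reported both times
```

One caveat a practitioner should keep in mind before allowlisting a sanitizer in any real query: confirm that the in-house method actually neutralizes the metacharacters for the output context it is used in (HTML body, attribute, JavaScript, URL). An over-broad sanitizer entry does not remove noise; it converts a false positive into a false negative that no scan will surface again. Real engines are also far more capable than this toy, tracking flows across branches, loops and function boundaries, which is exactly why the sanitizer allowlist is the safest knob to turn first.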
Introducing the Improved Checkmarx Query Editor
Long-time Checkmarx users are probably familiar with CxAudit, our query editor for CxSAST. Our updated Checkmarx Query Editor brings CxAudit features that were previously missing to Checkmarx One! Built with the customer experience in mind, this powerful tool is designed to make query editing even easier.
What's New
Our updated Query Editor focuses on improving usability and workflow efficiency. Here's a closer look at what's new:
- Friendly and intuitive user interface – We've revamped the look and feel of the Query Editor, making it easier to navigate, understand, and use. The design is modular, allowing users to customize their workspace to suit their needs. You can focus on specific elements or get a broader view of your project. This flexibility ensures that you can work in the way that is most comfortable for you.
- Language-specific query view (Edit mode) – Navigating through projects to find specific queries can be time-consuming. That's why we've introduced a language-specific view. Now, you can select a programming language and instantly access all queries related to that language across all projects. This eliminates the need to search through each project individually, saving you valuable time.
- Hide empty queries – To further streamline your workflow, we've added a new mode that hides empty queries, removing any queries that did not return results. This declutters your workspace and lets you focus on the queries that need your attention.
- Scan history – Understanding the history of your scans is crucial for tracking progress. Our new scan history feature provides a comprehensive log of past scans. You can easily review previous scans, compare results, and identify patterns that inform future decisions.
How to Access and Use It
The Query Editor is seamlessly integrated into Checkmarx One. Simply navigate to the queries section and start! You can open the Query Editor associated with a project or open it independently of any project. Get the full documentation here.
Get Started Today
The new Checkmarx One Query Editor simplifies the process of customizing security scans. With an intuitive interface and features like language-specific views and scan history, it helps you prioritize your focus. By reducing false positives and false negatives, the Query Editor helps you complete your work and secure your applications more efficiently. Start using the Checkmarx Query Editor today and enhance your application security with ease and precision.
Still not on Checkmarx One? Contact us to discuss how you can migrate from CxSAST or another vendor to Checkmarx One today.