Code Dx, a Platinum Award Winner for two consecutive years in the Annual ‘ASTORS’ Homeland Security Awards Program, is pleased to announce that Code Dx Enterprise Application Vulnerability Management System, has been selected as a Finalist in the 2019 ‘ASTORS’ Awards Program.
Every organization knows that it should be testing the security of its applications in-house, but the reality is that the frantic pace of software development doesn’t always leave enough time for that.
Even if there is time, it may only be enough to run a single tool, or a single type of tool, which does little to actually secure a software application.
The truth of application security is that no one tool will catch every weakness.
Static application security testing (SAST) tools, for example, scan an application’s source code for weakness patterns such as injection flaws, but each tool is better (or worse) at finding certain kinds of weaknesses.
To make sure a vulnerability isn’t missed, multiple tools (and multiple types of tools) must be used, creating a whole new problem.
Now, there is a stack of scan results from different tools, each detailing thousands of potential vulnerabilities, which is what makes testing so time-consuming: figuring out which flags are real, and weeding out duplicate results.
This typically results in an unlucky security specialist (or, more likely, several) manually reviewing each issue, verifying it with a different technique, and deciding whether or not it is important enough to bring to the DevOps team.
Code Dx Enterprise helps secure applications by providing an easy-to-use and affordable application vulnerability correlation and management solution, helping organizations overcome the obstacles that deter them from using application security testing (AST) tools.
This breakthrough product automates many of the labor-intensive activities needed to run AST tools, consolidates the results, and prioritizes the reported vulnerabilities based on industry and regulatory standards.
It can also perform a Hybrid Analysis that correlates SAST results with DAST findings to determine which vulnerabilities are exploitable by an outside attacker.
Users get more effective software testing when they combine multiple tools and techniques with Code Dx Enterprise.
They get better vulnerability coverage, fewer false positives, and no duplicate results.
HOW IT WORKS
Start by running your Application Security (AppSec) testing tools—SAST, DAST, IAST, Software Composition Analysis, or manual reviews. Code Dx integrates with Jenkins or other build servers through its REST API, making these tools much easier to manage. Code Dx will then provide a single, consolidated set of all results found.
Code Dx has automated what has always been the most time-consuming (and expensive!) step in the AppSec process. Code Dx will automatically combine the results from your tools and deduplicate them, giving you a single correlated set, and saving you valuable time and resources.
Code Dx uses Hybrid Analysis to find out which discovered vulnerabilities can be exploited from the outside. It further identifies code that is not compliant with industry and federal regulatory standards (and subject to fines). This all makes it easy to quickly decide what needs to get fixed first.
Once you’ve got targets for remediation, you have to assign the most important vulnerabilities to your developers. Code Dx integrates fully with Jira, so you can easily assign a vulnerability and track its remediation status through the whole process.
As you fix the vulnerabilities found during this round of testing, your development, QA, and security teams can communicate through Code Dx’s integration with Jira.
Additionally, Code Dx Enterprise saves time and resources by:
Automating the tedious and lengthy process of combining multiple outputs;
Automating the expensive, labor-intensive task of correlating the results until they have actionable data; and
Automatically selecting and running a collection of open-source SAST tools and third-party library analyzers against their code.
Finding out that an application actually violates some kind of regulation—and that the organization may now be faced with fines—is a nightmare scenario for a development organization of any size.
Even fixing the violations and fighting the fines in court will carry hefty legal fees, assuming the organization prevails—not to mention the negative impact on the organization’s reputation, and loss of market confidence.
A best practice is for organizations to ensure their software is compliant while they are actually writing it.
Code Dx Enterprise takes care of that for them, by checking the application’s codebase against various regulations, such as HIPAA, the DISA-STIG, the PCI DSS, and many more.
Any lines of code that violate those regulations are flagged, and the exact nature of the violation is shown, along with ways to make it compliant.
Instead of reading through hundreds of pages of regulations, Code Dx Enterprise enables organizations to focus on making their applications as good (and secure) as they can be.
Make your developers part of the security team
Nobody wants to go back and change their code, especially if it’s working well.
Developers are understandably reluctant to “fix” their code unless they absolutely have to.
Nothing can alienate a dev team like being handed a list of thousands of potential vulnerabilities, the majority of which may not even be real.
A big part of the security team’s job is to verify their findings before handing them off to the dev team to fix.
Code Dx Enterprise shoulders a lot of that burden.
While SAST tools scan the source code (a process that always returns that long list of findings), dynamic application security testing (DAST) tools run from the outside in.
These tools use approaches similar to a penetration test (in fact, many of them incorporate penetration-testing techniques), sending requests against the running application to find vulnerabilities that can actually be triggered.
In other words, while SAST tools can tell the user that there are 15 doors in their house, DAST tools tell them which ones are unlocked.
Development and security teams need to be in sync.
Code Dx Enterprise provides a central AppSec platform where users can assign vulnerabilities for remediation and track progress, and it integrates with many popular development environments, so developers can fix vulnerabilities easily.
Code Dx Enterprise helps users prioritize quickly and effectively.
Its unique Hybrid Analysis validates vulnerability findings using DAST tools to confirm SAST results, in addition to mapping to regulatory standards.
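The consolidate, deduplicate, Hybrid Analysis and prioritize steps described under HOW IT WORKS, and the SAST-versus-DAST confirmation described just above, as an added illustration written for this page. This is not Code Dx’s code and does not reflect how the product implements these steps; the scanner names, the common finding shape, the sample findings and the CWE-to-standard table are all constructed for the demo. The idea it shows is the one the text describes: normalize every tool’s output to one record shape, merge SAST records that point at the same weakness in the same place, treat a DAST hit with the same CWE on the route served by that code as outside confirmation, and rank what is reachable and regulated first.

```python
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class Finding:
    """One result row from a scanner, normalized to a common shape (constructed for the demo)."""
    tool: str                       # scanner that reported it
    kind: str                       # "sast" (code location) or "dast" (live request)
    cwe: str                        # weakness class, e.g. "CWE-89"
    location: str                   # SAST: "path:line"; DAST: request path that was hit
    endpoint: Optional[str] = None  # SAST only: route served by the flagged code, if known


@dataclass
class Correlated:
    """A deduplicated SAST issue plus the evidence gathered around it."""
    cwe: str
    location: str
    standards: tuple = ()                             # regulatory controls this CWE maps to
    tools: set = field(default_factory=set)           # every SAST tool that reported it
    endpoint: Optional[str] = None
    confirmed_by: set = field(default_factory=set)    # DAST tools that triggered it from outside


# Constructed mapping for the demo only; real standards are far more detailed.
STANDARDS_BY_CWE = {
    "CWE-89": ("PCI DSS 6.5.1",),   # injection flaws
    "CWE-79": ("PCI DSS 6.5.7",),   # cross-site scripting
}


def norm_location(loc: str) -> str:
    """Tools disagree on path spelling; strip a leading './' so duplicates match."""
    return loc[2:] if loc.startswith("./") else loc


def priority(c: Correlated) -> tuple:
    """Fix first what an attacker can reach, then what a regulator will ask about,
    then what several independent tools agree on."""
    return (bool(c.confirmed_by), len(c.standards), len(c.tools))


def correlate(findings) -> list:
    """Merge SAST duplicates, mark those a DAST scan also hit, and rank for triage."""
    merged = {}
    for f in findings:
        if f.kind != "sast":
            continue
        key = (f.cwe, norm_location(f.location))
        c = merged.setdefault(
            key, Correlated(f.cwe, key[1], STANDARDS_BY_CWE.get(f.cwe, ())))
        c.tools.add(f.tool)
        c.endpoint = c.endpoint or f.endpoint

    # Hybrid step: a DAST hit with the same CWE on the route the flagged code
    # serves is evidence the weakness is exploitable from the outside.
    dast_hits = defaultdict(set)
    for f in findings:
        if f.kind == "dast":
            dast_hits[(f.cwe, f.location)].add(f.tool)
    for c in merged.values():
        c.confirmed_by = dast_hits.get((c.cwe, c.endpoint), set())

    return sorted(merged.values(), key=priority, reverse=True)


# Constructed sample results; not output from any real scanner.
SAMPLE = [
    Finding("sast-a", "sast", "CWE-89", "./src/orders.py:42", "/api/orders"),
    Finding("sast-b", "sast", "CWE-89", "src/orders.py:42", "/api/orders"),  # same issue, other tool
    Finding("sast-a", "sast", "CWE-79", "src/views.py:17", "/search"),
    Finding("sast-b", "sast", "CWE-79", "src/templates.py:88", "/profile"),
    Finding("sast-a", "sast", "CWE-798", "src/config.py:3"),               # no route, no mapping
    Finding("dast-x", "dast", "CWE-89", "/api/orders"),
    Finding("dast-x", "dast", "CWE-79", "/profile"),
]

if __name__ == "__main__":
    for c in correlate(SAMPLE):
        status = "exploitable" if c.confirmed_by else "unconfirmed"
        print(f"{c.cwe:8} {c.location:22} tools={sorted(c.tools)} {status} {c.standards}")
```

On the sample input the five SAST rows collapse to four issues, the SQL injection in orders.py is reported by both SAST tools and confirmed by the DAST scan on /api/orders, the XSS in templates.py is confirmed, the XSS in views.py is not, and the hard-coded credential in config.py (no route, no mapped control) ranks last. Real tool output would be parsed from each scanner’s report format into the `Finding` shape before this step.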
During this past year, Code Dx has made significant enhancements to its Code Dx Enterprise solution.
In November 2018, version 3.5 was released and offered a powerful new dashboard with comprehensive metric visualization.
This dynamic dashboard gives AppSec professionals critical information about all of their application testing activities in one place, providing a quick understanding of their application’s security status.
Furthermore, Code Dx partnered with leading cybersecurity visualization experts to conduct research to determine what information AppSec practitioners really need to see and how that data should be shown.
Now, users of Code Dx Enterprise have a complete dashboard that guides them through the entire AppSec testing process, presenting all the information from multiple testing tools in one place and in a way that makes sense to them.
The innovative new dashboard uniquely shows users metrics and information about all of their testing activities, not just reports from single tools.
They can explore this data interactively to determine which tools are working well for their AppSec program, and identify security and vulnerability trends.
In addition to the new dashboard, Code Dx Enterprise now offers MISRA (Motor Industry Software Reliability Association) compliance.
Code Dx is committed to working with the most important regulatory and industry standards, and by adding MISRA compliance mapping, organizations can now ensure that their code complies with this critical standard.
In April 2019, Code Dx released version 4.0 to the market adding an entirely new tool category to the platform: Network and Infrastructure Vulnerabilities.
Code Dx Enterprise now correlates results from Nessus, Nmap, and more.
This turns Code Dx Enterprise from an AppSec Vulnerability Management console into an all-in-one cybersecurity risk management system, from which users can manage all of their vulnerabilities and weaknesses in one central location.
The technology underlying this solution was initially developed as part of a DHS-funded R&D project to make it easier to conduct and analyze multiple application security tests during the development lifecycle, and reduce the barriers to securing the software supply chain.
The people working on this R&D started Code Dx, Inc. to mature the technology into the commercial product now known as Code Dx Enterprise.
(Code Dx, Inc., was spotlighted as a top success story at the 2019 S&T Cybersecurity and Innovation Showcase which was hosted by the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate. Courtesy of DHS S&T Directorate and YouTube. Posted on Feb 9, 2019)
While the industry is working hard to deliver a greater diversity of powerful AST tools, Code Dx Enterprise differentiates itself by focusing on making those tools work together to produce actionable results more quickly, with less effort.
With seamless integration into software development environments, it brings developers and security analysts together into an effective team.
Customers see Code Dx Enterprise as a valuable multiplier of their existing investments in AST, increasing the value of their commercial tool chest with the addition of results from open source tools.
It also enables enterprises to augment their application security testing program by economically distributing AST tools to a broader audience of developers in their organization while maintaining commercial AST tools within their quality assurance and security analysis functions.
With this seamless integration and use of open source and commercial AST tools through Code Dx, security reviews are performed earlier and more frequently in the software development lifecycle, reducing the time to develop and secure production-ready software and decreasing organizational application security risk.
To Learn More about Code Dx Enterprise, key features, why to use it, who should use it (security analysts, CISOs, software developers, software QA engineers, etc.), supported tools and languages and information on future releases, please visit https://www.codedx.com.
Code Dx Selected a Finalist in 2019 ‘ASTORS’ Awards for 3rd Consecutive Year
Winners to be Announced at the ‘ASTORS’ Awards Luncheon at ISC East – Register Today
The Annual ‘ASTORS’ Awards Program is specifically designed to honor distinguished government and vendor solutions that deliver enhanced value, benefit and intelligence to end users in a variety of government, homeland security and public safety vertical markets.
The highlight of the 2019 AST Homeland Security Awards Program will be the ‘ASTORS’ Awards Presentation Luncheon at ISC East, November 20, 2019 in the Jacob Javits Exhibition Center, from 12:00pm – 2:30pm, featuring a keynote address by Bill Bratton, former police commissioner of the NYPD and BPD, and former chief of the LAPD.
The 2018 ‘ASTORS’ Awards Program drew an overwhelming response from industry leaders with a record high number of corporate and government nominations received, as well as record-breaking ‘ASTORS’ Presentation Luncheon attendance, with top firms trying to register for the exclusive high-end luncheon and networking opportunity right up to the event kickoff on Wednesday afternoon, at the ISC East registration!
Over 130 distinguished guests representing National, State and Local Governments, and Industry Leading Corporate Firms, gathered from across North America, Europe and the Middle East to be honored among their peers in their respective fields which included:
- The Department of Homeland Security
- The Federal Protective Service (FPS)
- Argonne National Laboratory
- The Department of Justice
- The Securities and Exchange Commission
- The Office of Personnel Management
- U.S. Customs and Border Protection
- Viasat, Hanwha Techwin, Lenel, Konica Minolta Business Solutions, Verint, Canon U.S.A., BriefCam, Pivot3, Milestone Systems, Allied Universal, Ameristar Perimeter Security and More!
ISC East is the Northeast’s largest security industry event and your ‘ASTORS’ Awards Luncheon registration includes complimentary attendee access to the show.
Take advantage of this exclusive luncheon opportunity to take a break from the show: invite your team, guests, clients and show visitors to a lovely and affordable plated meal event in the heart of New York City, for a fabulous networking opportunity!
Good Luck to Code Dx in the 2019 ‘ASTORS’ Homeland Security Awards Program!
To register, go to https://americansecuritytoday.com/product/awards-luncheon/.
The Annual ‘ASTORS’ Awards is the preeminent U.S. Homeland Security Awards Program highlighting the most cutting-edge and forward-thinking security solutions coming onto the market today, to ensure our readers have the information they need to stay ahead of the competition, and keep our Nation safe – one facility, street, and city at a time.
The 2019 ‘ASTORS’ Homeland Security Awards Program is Proudly Sponsored by ATI Systems, Attivo Networks, Automatic Systems, Desktop Alert and SWORD Technologies.