Code Dx Launches New Version of Vulnerability Management System with Support for DAST and Android Mobile Application

By CIOReview | Friday, December 11, 2015

FREMONT, CA: Code Dx Standard and Enterprise Editions come bundled with multiple preconfigured open source SAST tools. Once the code is integrated into it, Code Dx automatically determines which open source tools to run against the source code, runs the tools, finds the weaknesses, checks the vulnerability status of third-party components incorporated into the source code, consolidates the results of multiple tools and removes redundant ones, and presents the unified set in a centralized console with an interface for managing the vulnerabilities.

Now, to take vulnerability checking a step further, Code Dx, a provider of software vulnerability management systems, has announced version 2.0 of the software, with support for DAST (Dynamic Application Security Testing) and Android mobile application security analyses in the Enterprise Edition, along with JIRA integration in both Standard and Enterprise Editions.

Today’s business environment is crowded with web-based, customer-facing applications, so it is critical to test their security and software assurance and discover any weaknesses before deploying another application. Code Dx has dramatically changed the ease of application security testing by providing an incredibly affordable and efficient method for automating the entire process.

Code Dx is a Java-based tool that can reside on an existing web server. Its research and development was partially funded by the Department of Homeland Security Science & Technology (DHS S&T) Directorate.

The new features and functionality in Code Dx 2.0 include: support for DAST tools, including Acunetix, Arachni, BurpSuite, HP WebInspect, IBM AppScan, Netsparker, OWASP ZAP, and Veracode; support for Android mobile application security analysis; JIRA issue tracker integration, allowing users to associate Code Dx findings with JIRA issues and assign them to the development team for remediation; merging of duplicate results with customizable correlation logic; advanced search filter capabilities; and carry-over of triage settings and comments from tools, streamlining the triage process.

"Due to the majority of cyber breaches that are caused by weaknesses in software code, application security testing has become a necessity. Since no one tool can find even the majority of the weaknesses, it is recommended to use multiple tools. Code Dx enables users to leverage the power of hybrid analysis techniques--multiple commercial and open source SAST and DAST tools, third-party component analysis and manual code review--and then correlates and consolidates the findings in one user interface for easy management and remediation. The addition of DAST tools support in Code Dx 2.0 is a significant enhancement that will improve code coverage for users," says Anita D'Amico, Ph.D., CEO, Code Dx.