Glossary

Internet Security

Why companies need internet security
Online applications offer companies many benefits, but they also increase the risk of web attacks and vulnerability exploits. The internet by itself is a very insecure platform, but network security has improved drastically in recent years. As a result, many attackers have turned to application-layer attacks, because many applications are riddled with insecure code, vulnerabilities and/or malicious code. Network security and application security are the two major areas of internet security; other critical areas include firewalls, antivirus, email, social networking, chat/instant messaging and more.

Checkmarx helps companies attain the most effective internet security
The professionals at Checkmarx know that keeping the internet secure for companies is no easy task, which is why they promote simplicity that delivers results. This comes in the form of automated testing that doesn’t require extensive training or knowledge on the part of company employees. Because it is cloud-based, it doesn’t require any installation, which saves both time and cost. Checkmarx uses revolutionary tools that make it simple to provide static testing as well as dynamic testing.

  • Static testing: This type of testing is performed while the application is not running. This test examines application code for malicious code, backdoor threats, vulnerabilities and more.
  • Dynamic testing: This thorough analysis of application code is performed while the application is in use. This test also scans for vulnerabilities, malicious code and other threats, including XSS attacks, SQL injection and more.

A Software Development Life Cycle (SDLC) is the process used for developing and securing web applications. While the phases of an SDLC vary depending on the type and complexity of the software, they typically comprise analysis, design, coding, testing and deployment. Both static and dynamic testing should be part of the testing phase for efficient application security.

Superior testing by Checkmarx finds hidden security vulnerabilities
Typical scanners are designed to find documented vulnerabilities. These are loopholes that were discovered earlier and have been added to the scanner’s database. But what about undiscovered vulnerabilities? Many new vulnerabilities are discovered each year, and until a vulnerability has been discovered it does not appear in the database, so scanners are simply incapable of detecting it.

Checkmarx application testing goes beyond the traditional network and vulnerability scanning procedures. The Checkmarx testing process actually gets inside the code and looks for hidden flaws that usually go undetected. This includes source code, resource files, debug code, directories and more. Essentially, Checkmarx takes the role of a hacker attempting to penetrate the network or application security. The professional security experts at Checkmarx have years of security experience and knowledge beyond that of skilled hackers. If the Checkmarx security team cannot penetrate the security walls, the likelihood of a malicious hacker gaining access is also very small.