For Engineers and Developers

Fix as you go

Nobody likes having to fix things they don’t think are broken. After you and your team have spent months (or years) developing an application, arguably the worst news you could receive (other than project cancellation) is that the security team has found hundreds of vulnerabilities in the code you’ve put together so carefully. Now, rather than gearing up for launch, you have to go back and fix things that you finished months ago. Or you could just fix it as you write it. Code Dx, Inc.’s software suite fits right in with your development process. This means that you can scan your code every time you check in a fresh build. Even better, it will use multiple tools (and techniques) to find as many real vulnerabilities as possible—each one will be correlated with those found by other tools and techniques, which means you’ll have a short list of weaknesses that you can start fixing immediately. Don’t be blindsided a few yards away from the finish line—watch your step as you run down the field, and stay ahead of the curve.

Use your current environment

When you have to fix something, why should you have to use something besides your development environment just to see what the problem is? Too many tools make you leave your environment to view the vulnerabilities. Code Dx doesn’t. Our plug-ins integrate with your development environment (like Eclipse or Visual Studio) so that you can see exactly what’s wrong without jumping through hoops.

No more PDFs

Communication between teams is critical. When your security team scans your application, they have to send the results to you somehow. Most of the tools they use export the results to a document of some kind, usually a PDF. But PDFs are clunky to deal with. You can’t easily manipulate them, and even commenting requires a software license. If you’re lucky, you might be able to convert the PDF to a spreadsheet, but that’s less readable. Even then, you still have to send the same document back and forth, and hope that everyone uses the most current version. Or you could just use Code Dx from the start. Code Dx’s normalizing feature doesn’t just add common terminology; it displays all results in the same format. This means that, when the weaknesses are linked with an issue tracker (like JIRA, which Code Dx fully integrates with), you are all working from the same, highly readable, easily understood list. Stop emailing documents back and forth, and work together. You’ll be glad you did. Think Code Dx might make your life easier? We can prove it.