There’s a lot happening to expand the functionality and usability of Code Dx. Here are a few of the upcoming features we’re currently working on.
Hybrid Application Security Testing
Two methods for analyzing software security risks are dynamic application security testing (DAST), which takes an outside-in perspective, and static application security testing (SAST), which takes an inside-out perspective. Both have drawbacks. DAST findings do not give insight into the root cause, making remediation time-consuming. SAST tools give you precise code locations, but also flag issues that are not exploitable. Correlating the results of SAST and DAST can overcome these individual challenges. With funding from the Department of Homeland Security Science & Technology Directorate, Code Dx is researching and developing Hybrid Application Security Testing (HAST) techniques.
In Code Dx Version 2.0, we completed a critical requirement for HAST: adding support for consuming and de-duplicating the results of DAST tools. Each release brings us closer to completing full hybrid analysis mapping capability.
Metrics-Driven Dashboard and Reporting
Code Dx will be adding both project-level and enterprise-level metrics-driven dashboards and reporting. This will allow CISOs and software development managers to get an overview of application security trends. For example, CISOs and managers will be able to assess which vulnerabilities are most prominent across the enterprise, how long it takes to fix SQL Injection weaknesses, and how developer training is helping to address certain types of vulnerabilities.
If you are interested in being a beta tester of any of these emerging capabilities, drop us a note through the Contact page.