What is Code Dx?
Code Dx – A uniquely powerful software vulnerability management tool unmatched in the industry.
Code Dx® Enterprise is a software application vulnerability correlation and management system that consolidates and normalizes software vulnerabilities detected by multiple static application security testing (SAST) and dynamic application security testing (DAST) tools, as well as the results of manual code reviews. Its visual analytics accelerate the finding, triage, prioritizing and fixing of software vulnerabilities to dramatically expedite remediation. The Code Dx product was partially funded by the Department of Homeland Security (DHS) Science and Technology (S&T) Directorate due to the dire need to increase software assurance for critical infrastructure and secure the country’s software supply chain. As a result, Code Dx addresses the needs of a variety of users who influence software security decisions that affect an organization’s exposure to cyber attacks or liability associated with such attacks. These include: software developers, security analysts, software testers, quality assurance engineers and CISOs.
Code Dx, Inc. was spun out in 2015 from Secure Decisions, a division of Applied Visions, Inc., to continue the development and commercial offering of Code Dx as well as to support the Code Pulse application penetration testing technology, which Secure Decisions open-sourced through the Open Web Application Security Project (OWASP). Code Dx, Inc. will continue to serve as the commercial entity that matures and operationalizes the software assurance and application security technologies incubated in Secure Decisions’ government-funded R&D.
Code Dx was honored in 2016 by Cybersecurity Ventures as #23 in the Cybersecurity 500 of the “hot cybersecurity companies to watch.”
Why do I need Code Dx?
Code Dx saves substantial time by automating and streamlining software security testing, reporting and remediation. It consolidates and normalizes the vulnerability results generated by multiple SAST and DAST tools, as well as manual analyses, into one easy-to-use centralized console. This automated correlation and consolidation into a unified set of results nearly eliminates what used to be a manual, tedious and time-intensive task. It also automatically deduplicates findings when the same vulnerabilities are found by different tools, despite differences in how the tools describe them, and offers support for the removal of false positives. The end result is displayed in a visual analytic interface that enables the team to rapidly view, prioritize, assign vulnerabilities for remediation and track their remediation progress.
By offering the hybrid combination of SAST and DAST testing, Code Dx provides users with broader vulnerability testing coverage to better identify those vulnerabilities that are easily accessible to an external attacker. In addition, the Code Dx system can be easily integrated into the software developers’ integrated development environment (IDE), their build server and/or their bug trackers. This dramatically simplifies adding application security testing into the natural workflow of the software development life cycle (SDLC).
SAST tests the application from the inside out by examining its source code, byte code or application binaries for security vulnerabilities. DAST tests the application from the outside in by poking and prodding the software in unusual ways to discover any security weaknesses. And by filtering vulnerabilities based on several industry standards of vulnerability severity, the organization can find and fix the most important vulnerabilities first, taking a significant step toward improving its security posture.
Code Dx displays the current status of the entire software assurance procedure at all times, ensuring that all team members and executives are always aware of the findings and remediation process. As a result, Code Dx removes most of the time and complexity barriers to performing thorough software security processes on all software more quickly, matching the needs of any DevOps situation.