Executive Summary

The growing adoption of applications by organizations both using and developing them, coupled with costly and reputation-damaging attacks on business applications – in some cases causing serious breaches of personal and business-sensitive information – has played a major role in bringing application security into the mainstream in the past few years. For good reason: Ponemon’s Cost of a Data Breach 2015 report found that 47% of security incidents were caused by hackers, at an average cost of $230 per record in the United States.

Yet study after study shows that organizations aren’t taking application security seriously enough. Gartner says eight out of ten successful attacks target the application layer – while only 10% of organizations actually test critical business applications.

Traditional security scans that happen too late in the Software Development Lifecycle (SDLC) to be effective simply weren’t built for the organizational shift to more agile processes. By using innovative security solutions to analyze and test your application code, your organization will achieve secure, higher-quality software at a significantly lower cost and with fewer resources than traditional testing later in the SDLC. Reducing your security vulnerabilities by 50% before sending your app to production will reduce costs by 75%, according to Gartner.

The rift between developers and security continues to cause issues when it comes to application security. For application security to be an enabler for the rest of the business, testing solutions need to be implemented in the SDLC – and they require adoption by developers to be successful.

One of the keys to reducing the costs and risks due to security vulnerabilities is to implement tools throughout the development ecosystem that the developers can – and will – use as they write an application. By embedding security processes and testing within tools developers already use in their work, such as their IDE, build repository, and bug trackers, the burden of security testing is dramatically decreased.

For developers, security managers and auditors alike, Checkmarx’s source code analysis tool, CxSAST, has been hailed as the security tool of choice. With thousands of successful projects completed – and billions of lines of code scanned – Checkmarx has the experience and innovative solutions to ensure your application security program is a sound success. CxSAST’s powerful solution also goes hand in hand with the type of support and expertise we offer our customers. Built for organizations big and small, CxSAST provides the security intelligence you need to keep your applications running smoothly.

Since its founding in 2006, Checkmarx has seen consistent growth and has been widely recognized as a forward-thinking security company at the forefront of application security solutions. Checkmarx has been positioned as a leader since 2014 by the Forrester Application Security Testing Wave, was honored as a Red Herring Top 100 Europe company, is a challenger in Gartner’s Application Security Testing Magic Quadrant and scored a perfect 5.0 in Gartner’s Application Security Testing Critical Capabilities report. Moreover, for the last 3 years Checkmarx has been positioned as a Leader in the Gartner Magic Quadrant for Application Security.

Company background

Checkmarx is a leading developer of software solutions used to identify, fix and block security vulnerabilities in web and mobile applications. It provides an easy and effective way for organizations to introduce security into their Software Development Lifecycle (SDLC), systematically eliminating software risk before applications are released.

The company’s customers include 5 of the world’s top 10 software vendors and many Fortune 500 and government organizations, including SAP, Samsung, Coca Cola and the US Army.

In addition, Checkmarx has been named a Deloitte Fast50 company three years running and was ranked first with a perfect 5.0 rating for Static Analysis Product by Gartner in the 2014 Critical Capabilities for Application Security Testing report.

Founded in 2006, Checkmarx aims to help organizations secure their critical applications and enable them to release software free of technical and logical security vulnerabilities, keeping hackers away.


  • Ease of use

With fast setup and simple integrations with popular tools used by application stakeholders throughout the SDLC, CxSAST offers auditors and developers an easy and quick way to detect the security issues that need to be fixed.

Since only the source code is required for scanning, no building or compiling is necessary. This enables testing and report generation at any given time, so you always know the state of your application security.

  • Reduce cost-to-fix

Easy-to-understand reporting and IDE integration let each stakeholder know which security vulnerabilities need to be fixed in the code they’re building, allowing security testing to be delegated throughout the SDLC – instead of only pre-deployment.

CxSAST is accurate, with a nominal rate of false positives (under five percent). When integrated into each milestone of your SDLC, CxSAST quickly and automatically detects security vulnerabilities to be fixed as early in your SDLC as the point at which the code is written.

  • Scalable and future-proof

In addition to integrations with many of the most common build and testing tools used in the SDLC, Checkmarx offers comprehensive APIs for customization, making CxSAST scalable and ready for wherever your applications take you.

SAST – OWASP Code Review Guide 2.0 Reference