Source Code Analysis - The Value Of Partial Code Scanning
DESCRIPTION
The presentation used by Maty Siman, Founder and CTO of Checkmarx, during a webinar on the benefits of scanning partial code samples (uncompiled / unbuilt code) as part of a static application security testing (SAST) solution.
TRANSCRIPT
![Page 1: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/1.jpg)
Partial Code Scanning: Source Code Analysis For The Masses
Maty Siman, CISSP, Checkmarx CTO
![Page 2: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/2.jpg)
Checkmarx Application Understanding
```c
#include <stdio.h>

int main(void)
{
    int j = 0;
    int i = 0;

    while (i < 10) {
        if (i == 3) {
            j = j * 2;      /* branch that depends on the loop counter */
        }
        j = j + i;
        i = i + 1;
    }

    printf("%d\n", j);      /* accumulated value */
    printf("%d\n", i);      /* final loop counter */
    return 0;
}
```
[Flow graph built from the program above: Enter → i = 0 → j = 0 → while (i < 10) → if (i == 3) → j = j * 2 → j = j + i → i = i + 1 → back to the loop test; on loop exit, printf(j) → printf(i)]
Abstraction → DB
Use queries against the database to pick the brain of the code on security, quality & performance
![Page 3: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/3.jpg)
Enabler: The Virtual Compiler
Input languages: Java, C, C++, .Net, Apex, Ruby, VB/ASP, PHP, Android
Virtual Compiler components: Language Adaptor, Syntax Compensator, Linkage Resolver; output: Common Language Form
Code & Flow Database
Consumers of the database: Exhaustive Flow Scanner, Detection Engine, Code Enhancer
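The abstraction-and-query idea on the previous slide and the Linkage Resolver on this one can be illustrated with a small scanner. The following is an added example, not Checkmarx code and not its Virtual Compiler: it parses a Python fragment that cannot run (it uses `request`, `cursor`, `os` and `sanitize`, none of which the fragment defines or imports), builds a flow database of assignments and calls from the syntax tree alone, then runs a taint query from an assumed source (`request.args.get`) to assumed sinks (`os.system`, `cursor.execute`). A call to a function with no body in the fragment, such as `sanitize()`, is the partial-code case: the example propagates taint through it conservatively and marks the finding for review rather than dropping it. The fragment and the source and sink lists are constructed for the demonstration.

```python
"""Toy partial-code scanner (added example; not Checkmarx code).

Builds a flow database from a fragment that cannot be compiled or run,
then answers a taint query over it. Source/sink names are assumptions."""
import ast
from dataclasses import dataclass, field

SOURCES = {"request.args.get", "input"}                      # assumed policy
SINKS = {"os.system", "cursor.execute", "subprocess.call"}   # assumed policy

# Constructed fragment: request, cursor, os and sanitize are never defined
# or imported here, so it cannot run, but it can still be parsed and scanned.
FRAGMENT = """\
user = request.args.get("name")
safe = sanitize(user)
cursor.execute("SELECT * FROM t WHERE n='" + safe + "'")
os.system("ls " + user)
title = "report"
cursor.execute("SELECT * FROM t WHERE n='" + title + "'")
"""


def dotted(node):
    """'a.b.c' for Name/Attribute chains, None for anything else."""
    if isinstance(node, ast.Name):
        return node.id
    if isinstance(node, ast.Attribute):
        base = dotted(node.value)
        return None if base is None else f"{base}.{node.attr}"
    return None


@dataclass
class FlowDB:
    """The 'code & flow database' the scanner keeps for one fragment."""
    assigns: list = field(default_factory=list)  # (lineno, target, value node)
    calls: list = field(default_factory=list)    # (lineno, callee, arg nodes)
    defined: set = field(default_factory=set)    # functions whose body is here


def build_db(fragment):
    """Fill the flow database from the syntax tree; no linking, no build."""
    db = FlowDB()
    for node in ast.walk(ast.parse(fragment)):
        if isinstance(node, ast.FunctionDef):
            db.defined.add(node.name)
        elif isinstance(node, ast.Assign) and len(node.targets) == 1:
            target = dotted(node.targets[0])
            if target is not None:
                db.assigns.append((node.lineno, target, node.value))
        elif isinstance(node, ast.Call):
            callee = dotted(node.func)
            if callee is not None:
                db.calls.append((node.lineno, callee, node.args))
    return db


def taint_path(expr, env, db):
    """Steps by which `expr` may carry attacker data, or None if it cannot."""
    name = dotted(expr)
    if name is not None:
        return env.get(name)
    if isinstance(expr, ast.Call):
        callee = dotted(expr.func) or "<dynamic>"
        if callee in SOURCES:
            return [f"source {callee}() at line {expr.lineno}"]
        for arg in expr.args:                     # positional args only
            path = taint_path(arg, env, db)
            if path is not None:
                # A callee with no body in the fragment cannot be resolved:
                # assume it passes taint through, and record that assumption.
                kind = "defined" if callee in db.defined else "UNRESOLVED"
                return path + [f"through {kind} call {callee}() at line {expr.lineno}"]
        return None
    if isinstance(expr, (ast.BinOp, ast.JoinedStr, ast.FormattedValue)):
        for child in ast.iter_child_nodes(expr):  # string building
            path = taint_path(child, env, db)
            if path is not None:
                return path + [f"combined at line {expr.lineno}"]
    return None


def scan(fragment):
    """Query the flow database: every sink argument reachable from a source."""
    db = build_db(fragment)
    events = sorted(
        [("assign", a) for a in db.assigns] + [("call", c) for c in db.calls],
        key=lambda e: e[1][0],                    # replay in source order
    )
    env, findings = {}, []
    for kind, ev in events:
        if kind == "assign":
            lineno, target, value = ev
            path = taint_path(value, env, db)
            if path is None:
                env.pop(target, None)             # clean reassignment kills taint
            else:
                env[target] = path + [f"assigned to {target} at line {lineno}"]
        elif ev[1] in SINKS:
            lineno, callee, args = ev
            for arg in args:
                path = taint_path(arg, env, db)
                if path is not None:
                    findings.append({
                        "sink": callee, "line": lineno, "path": path,
                        "needs_review": any("UNRESOLVED" in s for s in path),
                    })
    return findings


if __name__ == "__main__":
    for f in scan(FRAGMENT):
        print(f"{'REVIEW' if f['needs_review'] else 'HIGH'}: {f['sink']}() at line {f['line']}")
        for step in f["path"]:
            print("   ", step)
```

Running it reports two findings: the `cursor.execute` call on line 3, marked for review because the only thing between the source and the sink is the unresolved `sanitize()`, and the `os.system` call on line 4, where the attacker-controlled value reaches the sink directly. The constant-only query on line 6 is not reported. A real scanner would follow the body of a callee it can see; the point here is that a missing body is information the scan must surface, not a reason to stop.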
![Page 4: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/4.jpg)
Partial Scanning Enables: Security Testing Throughout The SDLC
[Figure: escalating cost to find and fix a defect or design flaw the later it is discovered in the Software Development Life Cycle (IDC, 2005). X axis: Design, Coding, QA, Production; Y axis: Time & Cost. Activities plotted in phase: Code Inspection, Unit Testing, Integration Testing, System Testing.]
Checkmarx's patented technology allows reviewing uncompiled code throughout the SDLC.
Cost to find/fix a defect during integration/system test is 15-90 times higher than at design/coding.
Static analysis tools find defects and design flaws "in phase".
Early in the cycle (design and coding) it is very difficult to run compiled-code scans.
![Page 5: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/5.jpg)
Partial Scan Benefit Summary
Scan source code = Easy setup
Compile unnecessary = Full SDLC
Analyzed for security = High accuracy
Flexible Architecture = Scan anytime, anywhere
Try Checkmarx immediately at:
www.cxprivatecloud.com
![Page 6: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/6.jpg)
Case Study 1: salesforce.com's Gatekeeper
• 135,000 custom applications
• 200,000 developers, a growing community
• Proprietary scripting language
[Figure: Partner/Customer source code submitted to the Gatekeeper, powered by Checkmarx]
![Page 7: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/7.jpg)
Mandatory certification: salesforce.com
The first on-demand source code analysis tool solely built for a platform as a service.
![Page 8: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/8.jpg)
Case Study 2: Large ISV – Fully Automated Vulnerability Lifecycle
![Page 9: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/9.jpg)
Case Study 3: Large ISV with ~20,000 customers worldwide – Supports Clients' Plug-ins
![Page 10: Source Code Analysis - The Value Of Partial Code Scanning](https://reader035.vdocument.in/reader035/viewer/2022062514/557cf2a1d8b42a071b8b4569/html5/thumbnails/10.jpg)
Eclipse Plugin – Enables Partial Code Scanning