An efficient application to check vulnerability in the software
What do you like best?
Checkmarx has been used as an application to scan applications, to rectify vulnerabilities in the code and to check for security lapses. I have been using Checkmarx to check the same in my .NET application and have found Checkmarx to be of great use. I would like to mention a few good things about it.
1.) It has support for many languages. In my case it can find the lapses in C#, JavaScript, jQuery, TypeScript.
2.) The description is quite clear about the issues which makes it easier to understand the problem statement behind the security lapse.
3.) The online community present for Checkmarx is quite good, which makes it easier to find the resolution.
What do you dislike?
Even though Checkmarx is quite helpful for checking the security threats in the application code, there are a few things which can be improved by the Checkmarx team to make it more useful and efficient.
1.) There are many false positives, which increase the number of issues a lot, and these in turn are required to be marked as non-exploitable.
2.) The per-user cost of a Checkmarx subscription is high, which makes it difficult for a small organisation to own it completely.
Recommendations to others considering the product:
Use it to refactor the code of your application and remediate the security lapses.
What problems are you solving with the product? What benefits have you realized?
I have been using Checkmarx in my organisation to find the code-related issues in the .NET application. This has helped in a great way to remediate the security lapses and refactor the code to make it more efficient.