Checkmarx Interactive Application Security Testing (CxIAST)

Checkmarx Interactive Application Security Testing (CxIAST) helps companies automate the detection of runtime vulnerabilities during functional testing of their software.

CxIAST supports languages and frameworks including Java, NodeJS, and Microsoft .NET. Its vulnerability coverage includes tests for SQL injection, XSS injection, OS command injection, path traversal, XPath injection, perimeter tampering, open redirect, trust boundary violation, cross site request forgery, sensitive data leakage, and others.

Checkmarx notes several features of the platform:

• Checkmarx says that its CxIAST product is the only IAST product in the market that is fully integrated with a SAST solution, enabling cross-product correlations which shorten the time between identifying and remediating vulnerabilities. The code-level insight produced by static analysis, combined with the run-time knowledge coming from IAST, provides developers with a better understanding of where to fix the problem.
• CxIAST relieves organizations from having to carry out dedicated security testing on running applications. The company says that its IAST is a non-intrusive agent which transparently integrates into the testing environment, continuously monitoring application activity and providing real-time feedback.
• CxIAST is built for DevOps and fits into QA automation and continuous integration (CI) and continuous deployment (CD) pipelines. The company says that because detection of vulnerabilities and running applications is automated, its software can support application portfolios of virtually any size.