Checkmarx Debuts CxRASP Application Security Platform | eWeek

Checkmarx Debuts CxRASP Application Security Platform

checkmarx and apps
Écrit par
Nathan Eddy
Nathan Eddy
Jan 29, 2015
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Software application security firm Checkmarx launched its Runtime Application Self-Protection (RASP) solution, CxRASP, which uses unique two-point instrumentation technology to continuously observe an app’s bidirectional data flow.

Designed to enable the detection and defense against real-time attacks, CxRASP is the latest addition to the company’s Application Security Hub, which provides a range of solutions to ensure application security throughout the software development lifecycle as well as while in production.

“Any organization that sells software, be it Microsoft, SAP, Adobe or Salesforce.com, or uses software as part of its ongoing business operation and would like to protect its data—this could include most medium to large organizations,” Asaph Schulman, vice president of marketing at Checkmarx, told eWEEK.

Checkmarx’s technology listens at each interaction junction of the app, covering access points between the application and the user, the database, the network and the file system, respectively. As of now, CxRASP covers SQL injection, cross-site scripting (XSS) and file manipulation, and the list is expanding, Schulman said.

With visibility into the app’s input and output, the CxRASP solution tailors the protection mechanism to the specific flow within the application to achieve improved detection accuracy in real time.

The product flags suspicious activity when it enters the app, and then verifies if it is actually malicious at the output to minimize false positives and false negatives.

When an attack is identified, the organization is alerted and instructions are sent on how to fix the vulnerability.

The product is also integrated with the company’s Static Application Security Testing (SAST) CxSuite Solution and may be integrated with other SAST vendors, ensuring application protection both during and after the development process.

When it comes to application security technology, static code analysis is gaining a lot of momentum, and the company sees a huge trend of organizations looking to align quality-assurance testing alongside application security testing as an integral part of their software development lifecycle environment, Schulman said.

“This means integrating it with components like source repositories, build servers and bug-tracking tools, and a full automation of the testing process based on the organization’s security policy,” Schulman explained. “We also see a huge uptake of scripting languages, specifically JavaScript for both client-side and server-side programming (Node.JS), with an emphasis on the latter. JavaScript is very difficult to test and wasn’t designed for server-side development, so it inherently carries a lot of vulnerabilities.”

Schulman said Checkmarx static code analysis is excellent at detecting those vulnerabilities in both client/server-side JS, and at showing developers where and how to fix them. The company’s RASP solution will offer support for client/server side JavaScript protection in the second quarter of 2015.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.