Code Dx, Inc., provider of an award-winning application security solution that automates and accelerates the discovery, prioritization, and management of software vulnerabilities, today announced version 2.6 of its flagship Application Software Vulnerability Correlation and Management solution, Code Dx Enterprise. It now provides expanded vulnerability mapping onto compliance regulations, integration with mobile application security testing tools and tools that scan third-party components, and many other new features and functionalities. The company is demonstrating this new version at its booth (#G8) at the APPSEC USA 2017 conference, September 21-22, 2017 in Orlando, Fla.
“Our focus for this upgrade was on increased compliance with industry regulations, as well as expanding the number of tools we support,” said Anita D’Amico, Ph.D., CEO of Code Dx. “The integration of NowSecure, Rapid7 AppSpider, and Black Duck Hub, as well as the dozens of other tools already integrated with Code Dx Enterprise, enables organizations to combine the results from multiple application security testing tools and get a better picture of their source code without the large expense of purchasing multiple tools individually.”
New Compliance Standards:
In addition to existing support for HIPAA and PCI-DSS compliance mapping, Code Dx Enterprise users are now able to map an application’s vulnerabilities to the following three security standards, helping to ensure compliance with these regulations:
  • NIST 800-53 – developed by the National Institute of Standards and Technology (NIST) to provide security controls for federal information systems. Code Dx Enterprise now allows organizations to ensure compliance with this standard.
  • OWASP Top 10 Mobile – developed by the Open Web Application Security Project (OWASP), this is a list of the top mobile security risks.
  • DISA STIG 4.3 – developed by the Defense Information Systems Agency (DISA), the Security Technical Implementation Guide (STIG) 4.3 is the newest version of a cybersecurity methodology designed to enhance security and reduce vulnerabilities.
New Tool Interfaces:
Code Dx Enterprise supports and integrates with a wide range of commercial and open-source application security testing (AST) tools and techniques, including static, dynamic, and interactive tools, third-party component analyzers, and manual reviews. New tools supported in version 2.6 include:
  • NowSecure – a commercial AST tool specifically designed for mobile applications.
  • Black Duck Hub – a software composition analyzer that allows users to test third-party components in applications for potential vulnerabilities and licensing violations.
  • Rapid7 AppSpider – a dynamic web application security testing tool that identifies vulnerabilities and expedites remediation.
  • Microsoft Threat Modeling – an AST tool that helps find threats in the design phase of software projects.