Copyright - Suzhou Wax Information Technology Co., Ltd. | Copyright - 2018 All Rights Reserved.
Add：Suzhou Industrial Park, 388 Xinping Street takeoff Innovation Park Tower A1-205
Suzhou Sinocax Information Technology Co., Ltd. is engaged in a high-tech software technology company, the company's business scope includes: 1, providing big data storage, analysis, mining solutions and services and implementation...
Static Software Source Code Security Test Solution - Fortify SCA
Fortify SCA is a static, white box software source code security testing tool. It uses a built-in analysis of the five main analysis of the source code of the application software for static analysis, the source code scanning security vulnerabilities exist, and to give a report. The results of the scan include not only detailed information on the security vulnerabilities, but also instructions on the related security knowledge and the advice on how to fix it.
Foritfy SCA consists of five major analysis engine:
Data Flow Engine: Track, record, and analyze security issues arising from the data transfer process in the program.
Semantic Engine: Analyze unsafe functions in programs, and use security methods.
Structural Engine: Analyzes the procedural context and the security issues in the structure.
Control Flow Engine: Analyzes the safety issues of executing operational instructions at specific times and states.
Configuration Engine: Analyze sensitive information in project configuration files and configure missing security issues.
Unique X-Tier ™ Tracker: Jumps up and down the project to analyze problems through procedures
The largest rule package, is currently the industry's largest and most complete rules package;
Support for the language most, cross-layer, cross-language analysis of the code generated loopholes: C, C ++, .Net, Java, JSP, PL / SQL, T-SQL, XML, CFML, VBScript;
Accurately locate the full path of the loopholes generated, but also can graphically display the loopholes generated to facilitate the audit;
Most supported platforms are supported on virtually all platforms: Windows, Solaris, Red Hat Linux, Mac OS X, HP-UX, IBM AIX;
IDE supports VS, Eclipse, RAD, WSAD.
Discover the root cause of security holes in static code (static analysis) and running applications (dynamic analysis)
Over 480 vulnerabilities were discovered, supporting 19 languages and more than 680,000 APIs
Fix the most important security issues more quickly through collaboration
Control existing vulnerabilities in deployed software so they are not harmful
Control software security process
Prevent risks by leveraging the industry-leading team dedicated to continuous research on application security
Ensures compliance with government and industry compliance standards and internal policies such as Payment Card Industry Data Security Standard (PCI DSS), Federal Information Security Management Act (FISMA), Sarbanes-Oxley Act, Health Insurance Portability and Accountability Act ( HIPAA), North American Electric Reliability Corporation (NERC) standards and the like.
Beijing Information Security Assessment Center
National Information Technology Security Research Center
China Construction Bank
China Postal Savings Bank
Pudong Development Bank
China Minsheng Bank
Bank of Beijing