FAQ


Here you can get all the answers you want

CodeV is intelligent software that detects security flaws in software source code at every stage of development. It should be used by all team members: Developer, Project Manager, Quality Assurance Technician/Tester, Top Technical Management and Security Auditor. It will help them attain better security skills and support security and quality management. It also assures the security quality of your software, detecting possible attack vectors that could be exploited maliciously.
CodeV helps the developer validate security automatically and periodically, through deterministic analyses, whenever the source code of the software changes. Its defining features are its integration with version control systems and continuous integration systems, and its global reports for top and technical management, which convey powerful information about the state of the software project and the security competency of your teams. All the results are characterized and classified under the main standards, such as CVE, CWE, OWASP Top 10 or PCI-DSS.
CodeV is made of a group of components that set it apart from the competition. Namely, the deterministic approach (context based, thus less prone to false positives), complete code flow analysis, personalization solution (SaaS, Appliance and Security Seals), integration with continuous integration systems, complete integration in the software development life-cycle, and last but not least, affordable and fair prices.
The vulnerability classification database is updated whenever there are new definitions, examples or suggestions for resolution. Note that CodeV contains classifications by OWASP, SANS, CWE and CVSS, among others, according to the security community's best practices, in addition to all the internal experience of the CodeV teams.
Yes, CodeV is completely integrated with the Eclipse platform and Visual Studio, and thus can be completely integrated into the software development cycle. In the internal code browser and in the IDE plugins, it's possible to see the line that contains the vulnerability through specific marks and highlighting. It is also possible to check the reference and definition of the vulnerability type. Further, the user can look into the internal database for a set of solutions for the detected flaw.
CodeV prides itself on its deterministic approach, which uses the various levels of context to verify the security flaw. The use of this approach results in very few false positives. CodeV knows the possible values for a variable in every application flow and thus can know if it is vulnerable or not.
CodeV is made of a set of components that set it apart from the competition. Namely, the deterministic approach (context based, thus less prone to false positives), complete code flow analysis, solution personalization (SaaS, Appliance and Seals), integration with continuous integration systems (Sonar), complete integration in the software development life-cycle (Dashboard and IDE integration), and last but not least, the best price in the market.



© Copyright 2015 CodeV