Checkmarx One Platform SAST and SCA Application Security Efficacy vs. Competitor

Sponsor: Checkmarx Ltd.

Abstract

The sheer number of applications being coded and updated daily opens a vast attack surface for hackers. Exploiting software applications can be a very effective way for hackers to infiltrate businesses. It is essential that businesses be aware of potential security vulnerabilities in their applications so that they can prioritize the appropriate remediation to protect their business assets.

Checkmarx commissioned Tolly to work with them on reviewing and documenting a comparison between Checkmarx and a competitor. The test encompassed scanning three applications using Static Application Security Testing (SAST) and two applications using Software Composition Analysis (SCA) testing. Results were analyzed to compare true positives, false positives, and false negatives.


Checkmarx demonstrated significantly better results than the competing solution in tests of both SAST and SCA: higher true positives (TP), lower false positives (FP), and lower false negatives (FN).