...

See OWASP Benchmark results and our patented algorithm, named Dynamic Syntax Tree.

In any case, you can mark the few remaining False Positives per Category, per Issue and per File. They will be listed inside the reports:

...

Table of Contents

What Is a False Positive?

...

Security Reviewer offers a Qualification Kit which provides documentation, test cases, and procedures that let you qualify Security Reviewer Code Inspection for projects based on the MISRA, CERT, CWE and PCI-DSS standards.
The kit contains tool qualification plans, tool operational requirements, and other materials required for qualifying Security Reviewer for use in safety-critical projects. For every feature of Security Reviewer that is used, the user is able to execute test cases in their own environment that demonstrate the absence of errors.
The kit facilitates certification of embedded systems which use Security Reviewer for analyzing the developed code. The user can modify the artifacts in the tool qualification kit for their specific project.

...

The kit includes generic compliance reports that demonstrate compliance of Security Reviewer with essential security standards (including MISRA, CERT, PCI-DSS and CWE).

Why should Software Testing Tools be Qualified and not Certified?

...

  • v1.2 → 100%, with 0% False Positives and 0% False Negatives

  • v1.1 → 92%, with 5.1% False Positives and 2.9% False Negatives

  • v1.1 + v1.2 → 96%, with 2.5% average False Positives, of which the most important vulnerabilities have 0%.

...

It demonstrated the lowest False Positive Rate and Best Accuracy Score. Benchmark results can be independently verified. For more information, please contact Security Reviewer at info@securityreviewer.com

...

Web Application Security Scanner Evaluation Criteria

The Web Application Security Scanner Evaluation Criteria (WASSEC) from WASC is a set of guidelines for evaluating web application scanners on their ability to effectively test web applications and identify vulnerabilities. Contents:

Categories 

Section 1 - Protocol Support

Section 2 - Authentication 

Section 3 - Session Management

Section 4 - Crawling

Section 5 - Parsing

Section 6 - Testing

Section 7 - Command and Control

Section 8 - Reporting 

It covers areas such as crawling, parsing, session handling, testing, and reporting.

The following WASSEC documents are available:

  • SecurityReviewer vs FORTIFY vs VERACODE

  • SecurityReviewer vs APPSCAN vs CHECKMARX

  • SecurityReviewer vs SONARQUBE vs CODACY

  • SecurityReviewer vs BLACKDUCK vs NEXUS

  • SecurityReviewer vs JULIA

Choose your preferred Code Inspection or SCA tool, and we will provide a WASSEC document for you within a few days. Ask at info@securityreviewer.com

...

Most important vulnerabilities

...