...
See OWASP Benchmark results and our patented algorithm, named Dynamic Syntax Tree.
In any case, the few False Positives that remain can be marked Per Category, Per Issue and Per File, and the marked items are listed inside the reports:
...
Table of Contents
What Is a False Positive?
...
Security Reviewer offers a Qualification Kit which provides documentation, test cases, and procedures that let you qualify Security Reviewer Code Inspection for projects based on the safety and security standards MISRA, CERT, CWE and PCI-DSS.
The kit contains tool qualification plans, tool operational requirements, and other materials required for qualifying Security Reviewer for use in safety-critical projects. For every feature of Security Reviewer that is used, the user can execute test cases in their own environment that demonstrate the absence of errors.
The kit facilitates certification of embedded systems which use Security Reviewer for analyzing the developed code. The user can adapt the artifacts in the tool qualification kit to the specific project.
...
The kit includes generic compliance reports that demonstrate compliance of Security Reviewer with essential security standards (including MISRA, CERT, PCI-DSS and CWE).
Why should Software Testing Tools be Qualified and not Certified?
...
v1.2 → 100%, with 0% False Positives and 0% False Negatives
v1.1 → 92%, with 5.1% False Positives and 2.9% False Negatives
v1.1 + v1.2 → 96%, with an average of 2.5% False Positives; for the most important vulnerability categories the False Positive rate is 0%.
...
It demonstrated the lowest False Positive Rate and Best Accuracy Score. Benchmark results can be independently verified. For more information, please contact Security Reviewer at info@securityreviewer.com
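A score such as the percentages above can only be verified independently if the reader knows how it is derived. The following is an added example, not Security Reviewer's code or the official OWASP Benchmark scorer: it reads an expected-results file in the shape of the Benchmark's expectedresults CSV (test name, category, whether the test is a real vulnerability, CWE), matches it against the (test name, CWE) pairs a tool flagged, and computes true-positive rate, false-positive rate and the Benchmark score (TPR minus FPR) per category. The CSV rows and the tool findings are constructed sample data; averaging the per-category rates with equal weight for the overall figure is an assumption of this example, as is the exact denominator behind the page's "% of False Positives".

```python
"""
Score a static analyzer against an OWASP-Benchmark-style expected-results
file. Added example, not Security Reviewer's code: TP/FP/TN/FN are counted
per category, then TPR, FPR and score = TPR - FPR are derived from them.
"""
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in the shape of OWASP Benchmark's expectedresults CSV:
# test name, category, real vulnerability (true/false), CWE number.
EXPECTED_CSV = """\
# test name, category, real vulnerability, cwe
BenchmarkTest00001,pathtraver,true,22
BenchmarkTest00002,pathtraver,false,22
BenchmarkTest00003,sqli,true,89
BenchmarkTest00004,sqli,true,89
BenchmarkTest00005,sqli,false,89
BenchmarkTest00006,xss,true,79
BenchmarkTest00007,xss,false,79
BenchmarkTest00008,xss,false,79
"""

# Constructed tool output: (test name, CWE) pairs the analyzer flagged.
# A flag only counts when its CWE matches the CWE the test case is about.
TOOL_FINDINGS = {
    ("BenchmarkTest00001", 22),   # true positive
    ("BenchmarkTest00003", 89),   # true positive
    ("BenchmarkTest00005", 89),   # false positive
    ("BenchmarkTest00006", 79),   # true positive
    ("BenchmarkTest00007", 79),   # false positive
    ("BenchmarkTest00003", 79),   # wrong CWE for an sqli test: not credited
}


@dataclass
class Counts:
    tp: int = 0
    fp: int = 0
    tn: int = 0
    fn: int = 0

    @property
    def tpr(self) -> float:
        """True-positive rate: real vulnerabilities that were flagged."""
        positives = self.tp + self.fn
        return self.tp / positives if positives else 0.0

    @property
    def fpr(self) -> float:
        """False-positive rate: safe test cases that were flagged anyway."""
        negatives = self.fp + self.tn
        return self.fp / negatives if negatives else 0.0

    @property
    def score(self) -> float:
        """Benchmark score: how far the tool sits above random guessing."""
        return self.tpr - self.fpr


def parse_expected(csv_text: str):
    """Yield (test_name, category, is_real, cwe); '#' lines are comments."""
    for line in csv_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        name, category, real, cwe = (field.strip() for field in line.split(","))
        yield name, category, real.lower() == "true", int(cwe)


def score_tool(csv_text: str, findings: set[tuple[str, int]]) -> dict[str, Counts]:
    """Build the per-category confusion matrix for one tool's findings."""
    per_category: dict[str, Counts] = defaultdict(Counts)
    for name, category, is_real, cwe in parse_expected(csv_text):
        flagged = (name, cwe) in findings
        counts = per_category[category]
        if is_real and flagged:
            counts.tp += 1
        elif is_real:
            counts.fn += 1
        elif flagged:
            counts.fp += 1
        else:
            counts.tn += 1
    return dict(per_category)


def overall(per_category: dict[str, Counts]) -> tuple[float, float, float]:
    """Unweighted average of per-category TPR and FPR (assumption of this example)."""
    n = len(per_category)
    tpr = sum(c.tpr for c in per_category.values()) / n
    fpr = sum(c.fpr for c in per_category.values()) / n
    return tpr, fpr, tpr - fpr


if __name__ == "__main__":
    results = score_tool(EXPECTED_CSV, TOOL_FINDINGS)
    for category, c in sorted(results.items()):
        print(f"{category:10} TP={c.tp} FP={c.fp} TN={c.tn} FN={c.fn} "
              f"TPR={c.tpr:.2f} FPR={c.fpr:.2f} score={c.score:+.2f}")
    tpr, fpr, score = overall(results)
    print(f"overall    TPR={tpr:.2f} FPR={fpr:.2f} score={score:+.2f}")
```

Note that the sqli category ends up with a negative score even though two of its three findings are correct: one missed real vulnerability and one flagged safe case are enough to drop a small category below the random-guess diagonal, which is why a per-category breakdown says more than a single headline percentage.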
...
Web Application Security Scanner Evaluation Criteria
The Web Application Security Scanner Evaluation Criteria (WASSEC) from WASC is a set of guidelines to evaluate web application scanners on their ability to effectively test web applications and identify vulnerabilities. Contents:
Categories
Section 1 - Protocol Support
Section 2 - Authentication
Section 3 - Session Management
Section 4 - Crawling
Section 5 - Parsing
Section 6 - Testing
Section 7 - Command and Control
Section 8 - Reporting
It covers areas such as crawling, parsing, session handling, testing, and reporting.
The following WASSEC-based comparison documents are available:
SecurityReviewer vs FORTIFY vs VERACODE
SecurityReviewer vs APPSCAN vs CHECKMARX
SecurityReviewer vs SONARQUBE vs CODACY
SecurityReviewer vs BLACKDUCK vs NEXUS
SecurityReviewer vs JULIA
Choose your preferred Code Inspection or SCA tool and we will provide a WASSEC comparison document within a few days. Request it at info@securityreviewer.com
...
Most important vulnerabilities
...