The Requirements
Being a cloud-hosted operation, Navitas was very specific about its needs. Checkmarx was asked to provide a customized security solution that included:
• PHP support and compatibility with Zend framework.
• Full Git and GitHub integration.
• Jenkins continuous integration server.
• Travis CI / Coveralls coverage (code coverage).
The Alternatives
Navitas previously tried to implement open source security solutions, namely RIPS, an open source PHP tool. Unfortunately, the results were largely unsatisfactory, with the program not detecting all critical loopholes. These problems made Navitas understand that a more comprehensive and effective solution was needed.
The selection of Checkmarx
Navitas opened a trial account with Checkmarx to check its effectiveness. Navitas immediately noticed and appreciated the user-friendly and easy-to-use UI. The level of customization on offer was very useful, with CX Cloud syncing directly with GitHub for optimal results.
The Implementation
The scan was performed at speeds of 100,000 LoC per 10 minutes, as requested by Navitas. The CI server used an API to initiate the static analysis and compile the report. Lots of high-risk issues, including hardcoded passwords, were located and eradicated with pin-point accuracy.
The Bottom Line
Checkmarx simply had the best solution for us. Their product was very easy-to-use. Being able to "remember" what was non-exploitable from one scan to the next really helped our effectiveness. Due to the success we've seen with the Checkmarx application security testing, we are looking to expand the use of static analysis to other areas outside security.
Chris Kings-Lynne, R&D Manager, Navitas
Overview
Country: Australia
Website: www.navitas.com
Profile: Navitas is a global tertiary education provider specializing in educating international students. The company helps students from non-English speaking countries get their Australian/American degree. Their web-based student management system, all written in PHP, is maintained by a team of 11 developers.
Industry: education
Navitas Checkmarx’s case study