We are the market leader for Static Application Security Testing (SAST). We enable developers to find and fix OWASP Top 10 issues and other security-related CWE issues in Java and C/C++ code—without requiring them to become security experts.
Our unique SAST capabilities:
Identify High-Impact Vulnerabilities: We accurately identify a wide range of security issues including cross-site scripting (XSS), SQL injection (SQLi), path manipulation, buffer overflows, integer overflows, race conditions, memory leaks, hard-coded credentials, security misconfiguration and many more.
Highly Accurate Analysis: One of the primary reasons that legacy security tools have failed in development is high false positives, or inaccurate results. We designed and built our engine to address the complexity of today’s modern applications, which leads to more accurate results.
Prescriptive Remediation Advice: We provide developers with precise and prescriptive remediation advice. They no longer require deep security expertise to resolve top OWASP issues. We show them exactly where the defect exists and where in the code to fix it.
Coverity Security Library: An open source project initiated by the Coverity Security Research Lab, the Coverity Security Library provides a free, simple, secure and well-tested library of escaping and encoding functions.
Integrated Quality and Security Management: We enable developers to manage quality and security defects from a single console and with one workflow, which improves overall development efficiency.
We have partnered with NT OBJECTives (NTO) to offer our customers the first developer-ready Integrated Application Security Testing (IAST) solution. This enables us to improve the collaboration between security and development teams and allows organizations to address security earlier in the lifecycle. Now, results from NTO’s Dynamic Application Security Testing (DAST) solution, NTOSpider, are integrated into the development workflow through Coverity Connect, our centralized issue management interface, and automatically correlated with our SAST findings.
Benefits of the IAST solution include:
Higher Confidence Results: Combine the detection of a potential vulnerability found through SAST with verification through a real-time exploit attempt provided by DAST. IAST determines whether the vulnerability is real and where in the code it is located.
Comprehensive Analysis: Tune the DAST analysis based on Coverity’s deep understanding of the application’s entry points and parameters.
Improved Efficiency: Address proven vulnerabilities more quickly and easily from within a unified workflow.
We help security teams lower their risk of security breaches by providing more visibility into potential areas of risk much earlier in the lifecycle and without requiring access to the code. Teams can quickly filter, view and report on outstanding security vulnerabilities and track improvements to the security posture across development sprints or cycles.
Establish and Enforce Security Compliance Policies: Coverity Policy Manager enables security teams to create consistent policies for code security and monitor compliance against the OWASP Top 10, PCI and internally developed compliance standards.
Improve Visibility into Risk: Security teams can then quickly view which teams or projects are out of compliance with the established policies and track overall security trends over time.
Empower Developers to Find and Fix Critical Defects: The Coverity Development Testing Platform enables developers to find and fix critical security vulnerabilities such as OWASP Top 10 and PCI compliance issues, without requiring security expertise and within the same workflow they use to manage quality. With our remediation engine, we show developers exactly where the issue exists and where to fix it. This enables organizations to scale security efforts while consistently managing and measuring the overall secure development lifecycle.
Seamless Integration with Your Existing Process: Our development testing platform is an open and extensible solution which is designed to integrate with existing tools and processes. We help mitigate security risks through focused development testing without getting in the way or slowing development down.
Our platform helps developers build in security from the start, effectively and efficiently, and builds a bridge between development and security teams.
Find Critical Defects: Automatically identify critical defects as the code is written, without getting slowed down by noisy results.
Fix Problems Quickly: Use Coverity’s patent-pending remediation engine to quickly fix vulnerabilities, without requiring deep expertise.
Avoid Re-Work and Delays: Identify defects as the code is written, to avoid costly re-work and delays caused by issues found late in the development cycle.
Improved Collaboration with Security: Work together to ensure security policies are clear and teams are meeting internal security standards.