You hear about security threats every day. Do something about it.

More and more, the world runs on software. Depends on it. And the requirements for those developing software keep growing. Make it faster, better, more secure.

Faster? Check. Better? Check. Secure? It's not easy to know and validate. And the risk is large. Not only can hackers damage your product, your company, and your brand, they can put lives at risk by adjusting the braking system on a car, interfering with pacemakers, or worse. Development teams own the functionality and the responsibility for ensuring code is tested and secure.

Protect your code, your product, your brand, and your livelihood with Klocwork static code analysis. Klocwork automates the detection of hundreds of potential security vulnerabilities in source code from the convenience of the developer desktop and the speed of Continuous Integration (CI) systems. Apply a consistent, best practice approach to identifying, fixing and managing real security vulnerabilities across your organization. 

Built-in checkers for secure coding standards

Most organizations need to comply with multiple coding standards to ensure software security. Klocwork includes built-in checkers to support all of the leading standards:

  • CWE
  • CERT
  • DISA STIG v3 and v4
  • CWE/SANS Top 25
  • OWASP
  • MISRA

A configurable arsenal of security checkers out of the box, or create your own

Klocwork ships with hundreds of checkers. Our static code analysis engine can be tailored to enforce the rules for compliance with each standard by enabling or disabling individual checkers or full checker groups to meet the specific needs of your software development environment and processes. We've also worked with some of the largest consumer, military, communications, electronic, mobile and other companies in the world to create a checker API, providing your teams the ability to quickly and easily create customized security checkers.

Klocwork is engineered to detect these weaknesses:

  • Buffer overflows
  • Un-validated user input
  • Injection
  • Cross-site scripting
  • Information leakage
  • Vulnerable coding practices
  • Banned APIs
  • Memory and resource leaks
  • Concurrency violations
  • Infinite loops
  • Dereferencing NULL pointers
  • Usage of uninitialized data
  • Resource management
  • Memory allocation errors

Spreading security standards across the organization

Consistency within the team and across many teams is critical. That's why Klocwork pushes the chosen security coding standards and their associated checkers and taxonomies to every developer's desktop. Everyone is notified as they write their code if they have violated the standards or introduced any vulnerabilities or defects. Fix any potential software security problems immediately, before code check-in. This frees up valuable developer time to work on more critical assignments.

Klocwork includes built-in security reports based on the latest security standards such as the CWE Top 25, CERT-C, DISA-STIG and others which make it easy to share the security vulnerability trends with management and other stakeholders. To help get new team members up to speed as quickly as possible, Klocwork provides issue-specific links to our help knowledge base, allowing the entire team to share and learn from industry best practices for each specific defect type, explaining both the risk and how to best mitigate each issue.

To watch an overview of our security reporting capabilities click here, or to learn more and view code samples, check out our defect and vulnerability page.

Klocwork is used in many of the largest, most demanding software development environments in the world. Try it on your code today by requesting a free product trial.

Learn more about our capabilities.