Features


Risk Management

Xanitizer enables you to manage both the security risks inside your own code and the risks introduced by third-party libraries. Each finding is automatically classified according to its risk level.

  • Investigate the detected issues and identify their root cause.
  • Adapt classification, prioritize issues and add comments for team members.
  • Assign each issue to the team member responsible for resolving it.
  • Get proposals on how to fix a detected vulnerability.
  • Replace external libraries with known vulnerabilities with newer, fixed versions.
  • Track review state of all security issues.
  • Report your security risks to supervisors, executives, stakeholders, or customers.

Compliance & Standards

Xanitizer detects more than 50 different types of vulnerabilities in Java and Scala projects. Each finding is automatically assigned a CWE identifier and mapped to common industry standards.

  • Check whether your project meets leading industry standards such as the OWASP Top 10 (2013/2017), a list of the most critical security risks to web applications.
  • Assign vulnerability types to categories that support your own compliance requirements.

Excellent Accuracy

Xanitizer finds security vulnerabilities with excellent accuracy based on its static security analysis.

  • Analyze your own project as a white box instead of testing it as a black box.
  • Follow every control flow path automatically so that every reachable code location is analyzed.
  • Reduce your review effort through a minimized false-positive rate.
  • Enhance the accuracy even further by adding project-specific rules.

Root Cause Analysis

Xanitizer's unique visualizations such as the Smart Call Graph, combined with detailed explanations, allow you to identify and understand the root cause of each detected security finding. This way you can easily decide how and where to fix a vulnerability.

  • Review detailed explanations regarding the root cause and the attack vector of a vulnerability.
  • Visualize the flow of manipulated data from an entry point into your application to the location where harm can be caused.
  • Use interactive navigation with drill-down and auto-masking to focus on a single security finding without getting lost in too much information.
  • Analyze each detected security issue down to its exact source code location.
  • Fix the detected vulnerabilities with the provided solution proposals.

Ad Hoc Analysis

A full security analysis is not finished in a minute. To reduce the time required for a security review, Xanitizer provides an ad hoc security analysis that lets you quickly check for vulnerabilities connected with an interactively defined start or end point.

  • Run a "What If" analysis to check if any harm might be caused if a certain local variable is tainted or if a certain location could be reached by tainted data.
  • Validate the effect of your code and configuration changes.
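The data flow that the root cause analysis visualizes, and that a "What If" analysis lets you probe for a single variable, is the classic source-to-sink path of a taint analysis. The following servlet-style class is an added illustration written for this page, not Xanitizer's own code and not an example from its documentation; the class name `UserLookup`, the helper `buildQuery` and the `name` parameter are assumed for the illustration. It shows the three points a finding refers to (entry point, propagation through a helper, sink) and the fixed variant side by side.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Statement;

import javax.servlet.http.HttpServletRequest;

/**
 * Hypothetical lookup class used to illustrate a source -> propagation -> sink
 * taint path. Not part of Xanitizer; written for this page only.
 */
public class UserLookup {

    private final Connection connection;

    public UserLookup(Connection connection) {
        this.connection = connection;
    }

    /** Entry point: request parameters are attacker-controlled (taint source). */
    public ResultSet findVulnerable(HttpServletRequest request) throws SQLException {
        String name = request.getParameter("name");   // source: untrusted input enters here
        String query = buildQuery(name);               // propagation: taint flows through a helper
        Statement stmt = connection.createStatement();
        return stmt.executeQuery(query);               // sink: tainted string executed as SQL
    }

    /** The helper does not sanitize; string concatenation carries the taint through. */
    static String buildQuery(String name) {
        return "SELECT id, email FROM users WHERE name = '" + name + "'";
    }

    /** Fixed variant: a parameterized query keeps data and SQL code separate. */
    public ResultSet findFixed(HttpServletRequest request) throws SQLException {
        String name = request.getParameter("name");
        PreparedStatement stmt =
            connection.prepareStatement("SELECT id, email FROM users WHERE name = ?");
        stmt.setString(1, name);   // tainted value is bound as data, never parsed as SQL
        return stmt.executeQuery();
    }
}
```

In `findVulnerable`, a request with `name` set to `' OR '1'='1` turns the concatenated query into one whose WHERE clause is always true, so every row is returned; that is the attack vector a root cause explanation for this finding would describe. A "What If" analysis started at the local variable `name` inside `buildQuery` would reach the `executeQuery` sink through the concatenation, while the same question asked of `findFixed` reaches only `setString`, where the value is bound as a parameter and no harm results.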

Easy Integration

Xanitizer is designed to become an essential part of your software development life cycle (SDLC) and to let you fully automate the security analysis process.


Continuous Monitoring

Xanitizer provides several options to monitor the progress of your security improvements at a high level.

  • Visualize the trend of your security level by using Xanitizer's dashboard.
  • Integrate it into the code quality management platform SonarQube and the vulnerability assessment collaboration tool Jackhammer.
  • Ensure that your team takes care of existing security vulnerabilities.
  • Report your trend to supervisors, executives, stakeholders, or customers.

Flexible Reports

Xanitizer has an integrated reporting engine with predefined and adaptable report templates.

  • Document the results of your security analysis.
  • Demonstrate the benefit of your security enhancements to supervisors, executives, stakeholders, or customers.
  • Support your developers by exporting a detailed per-finding report that contains all the information needed to fix the vulnerability.
  • Adapt the report templates to meet your requirements.

Versatile Adaptations

Xanitizer finds vulnerabilities in your software out of the box, but you can also adapt it to meet your specific requirements.

  • Enable or disable vulnerability types to create security profiles that are specific for your project or company.
  • Adapt the categorization of vulnerability types to support your own compliance requirements.
  • Extend the predefined rule configurations or create your own rules for application specific security requirements.
  • Enhance Xanitizer to support further application specific frameworks.
  • Adapt report templates to meet your requirements.

User specific adaptations are also provided as a service.