
T-SEC Application Security Development

Xcheck

Introduction to Xcheck

Xcheck is a static application security testing (SAST) tool that uncovers hidden security risks in source code and improves code security quality.
Xcheck supports security checks for Go, Java, Node.js, PHP, and Python. The vulnerability classes it detects include SQL injection, code injection, command injection, cross-site scripting (XSS), insecure deserialization, and path traversal. For framework support, Xcheck has built-in coverage of the common web frameworks listed below.

Language   Frameworks
Go         Gin, Beego, Iris, net/http, fastrouter, httprouter, go-restful, mux
Java       Spring, HttpServlet, WebService, JAX-RS
Node.js    Koa, Express
PHP        ThinkPHP, Laravel, CodeIgniter, Yii, Yaf
Python     Django, Flask, Tornado, Webpy, Bottle, BaseHTTPServer

Directions for use

On the Solution page, you can see that the Xcheck security rule package is enabled in the TCA Official Experience Analysis Solution. Open the official solution > select the codebase to analyze > start the analysis.
Note: Currently, the Xcheck security rule package can only be tried in the official experience analysis solution.




T-SEC Application Security Development
Application Security Development (codenamed Xcheck) provides high-quality code analysis services. Thanks to its algorithms and engineering implementation, Xcheck finds security vulnerabilities in code very quickly while keeping both the false positive rate and the false negative rate very low.

Product Features:

Low false positives

Xcheck accurately understands the syntactic characteristics of each supported language, which largely eliminates the false positives caused by misunderstanding the code. In addition, Xcheck recognizes user-defined security guards (the project's own validation and sanitization code), further reducing false positives.

Low false negatives

Xcheck already has a rich set of built-in rules for mainstream frameworks and risky functions; in addition, for unsupported frameworks and functions, you can add the corresponding recognition capability with custom rules.

Fast

Xcheck uses a set of efficient code analysis algorithms that address the poor performance of traditional static analysis tools without sacrificing analysis accuracy.

Compare editions

Each feature below lists the SaaS trial edition first and the Privatized Deployment Edition second.

Trial method
  SaaS trial: WeChat login, online experience
  Privatized Deployment Edition: contact staff to apply for a privatized deployment trial

Suitable for
  SaaS trial: individual security researchers / enterprise users
  Privatized Deployment Edition: enterprise users only

Trial time
  SaaS trial: no limit
  Privatized Deployment Edition: contact staff to request a trial authorization

Number of scans
  SaaS trial: limited to 20 per account
  Privatized Deployment Edition: unlimited during the trial period

Supported languages
  SaaS trial: Java/Go/Python/PHP/JavaScript
  Privatized Deployment Edition: Java/Go/Python/PHP/JavaScript/C/C++

Code source
  SaaS trial: only code archives uploaded through the platform
  Privatized Deployment Edition:
    1. Code archives uploaded through the platform;
    2. Git, SVN, FTP;
    3. Integration into various DevOps platforms;
    4. Integration into IDE tools as plug-ins.

Platform features
  SaaS trial: only task scanning and result viewing
  Privatized Deployment Edition:
    1. Task scanning and result viewing;
    2. Project management;
    3. User organization structure settings, user roles and permission management;
    4. Rule customization and rule base management;
    5. Statistical analysis;
    6. Integration with email, SMS, enterprise WeChat and defect management systems;
    7. Log management, device management, queue management, background configuration and other system settings.