Xanitizer » Features

Manage the internal and external security risks of your projects.

Risk Management

Xanitizer enables you to manage the internal security risks of your project and the external security risks introduced by third-party libraries. Each finding is automatically classified according to its risk level.

  • Investigate the detected issues and identify their root cause.
  • Adapt classification, prioritize issues and add comments for team members.
  • Specify which team member is responsible for taking care of an issue.
  • Get proposals on how to fix a detected vulnerability.
  • Replace external libraries with known vulnerabilities by newer versions.
  • Track review state of all security issues.
  • Report your security risks to supervisors, executives, stakeholders, or customers.

Xanitizer automatically assigns vulnerability findings to common industry standards.

Compliance & Standards

Xanitizer detects more than 100 different types of vulnerabilities in Java, JavaScript/TypeScript, Angular and Scala projects. Each finding is automatically assigned to a CWE number and to common industry standards.

  • Check if your project meets the leading industry standards like OWASP Top 10 2013/2017, a list of critical security risks of web applications, or CWE/SANS Top 25, a list of the most dangerous software errors.
  • Assign vulnerability types to support your own compliance requirements.

Xanitizer finds security vulnerabilities with excellent accuracy.

Excellent Accuracy

Xanitizer finds security vulnerabilities with excellent accuracy based on its static security analysis.

Identify and understand the root cause for each automatically detected security vulnerability.

Root Cause Analysis

Xanitizer's unique visualizations, like the Smart Call Graph, combined with detailed explanations allow you to identify and understand the root cause of each detected security finding. This way you can easily decide how and where to fix a vulnerability.

  • Review detailed explanations regarding the root cause and the attack vector of a vulnerability.
  • Visualize the flow of manipulated data from an entry point into your application to the location where harm can be caused.
  • Use interactive navigation with drill-down and auto-masking to focus on a single security finding without getting lost in too much information.
  • Analyze each detected security issue down to its exact source code location.
  • Fix the detected vulnerabilities with the provided solution proposals.

Quickly check for vulnerabilities with an ad hoc analysis.

Ad Hoc Analysis

A full security analysis is not finished in a minute. To reduce the time required for a security review, Xanitizer provides an ad hoc security analysis that lets you quickly check for vulnerabilities connected with an interactively defined start or end point.

  • Run a "What If" analysis to check if any harm might be caused if a certain local variable is tainted or if a certain location could be reached by tainted data.
  • Validate the effect of your code and configuration changes.

Integrate Xanitizer into your SDLC to detect your security problems even before the application is runnable.

Easy Integration

Xanitizer is designed to become an essential part of your software development life cycle (SDLC) and to let you fully automate the security analysis process.

Continuously monitor your security enhancements with Xanitizer.

Continuous Monitoring

Xanitizer provides several options to monitor your security enhancements on a high level.

  • Visualize the trend of your security level by using Xanitizer's dashboard.
  • Integrate it into the code quality management platform SonarQube, into OWASP DefectDojo, and into the vulnerability assessment collaboration tool Jackhammer.
  • Ensure that your team takes care of existing security vulnerabilities.
  • Report your trend to supervisors, executives, stakeholders, or customers.

Document the results of your security analysis with predefined and adaptable reports.

Flexible Reports

Xanitizer has an integrated reporting engine with predefined and adaptable report templates.

  • Document the results of your security analysis.
  • Demonstrate the benefit of your security enhancements to supervisors, executives, stakeholders, or customers.
  • Support your developers by exporting a very detailed report containing all the information relevant to fixing a single finding.
  • Adapt the report templates to meet your requirements.

Adapt Xanitizer to meet your specific requirements.

Versatile Adaptations

Xanitizer finds vulnerabilities in your software out of the box, but you can also adapt it to meet your specific requirements.

  • Enable or disable vulnerability types to create security profiles that are specific to your project or company.
  • Adapt the categorization of vulnerability types to support your own compliance requirements.
  • Extend the predefined rule configurations or create your own rules for application-specific security requirements.
  • Enhance Xanitizer to support further application-specific frameworks.
  • Adapt report templates to meet your requirements.

User-specific adaptations are also provided as a service.