Protect what's dear to you and automatically check your code for vulnerabilities.


Run your Xanitizer security analysis right on your GitHub repository and see the results in GitHub’s new Security tab.
Visit us digitally at the heise devSec conference from October 21 to 22 or the whole year at the it-sa 365 expo.

Xanitizer Key Facts

Examples of vulnerability types detected by Xanitizer.

Offers excellent accuracy, as demonstrated on the OWASP Benchmark test suite by detecting 100% of the vulnerabilities with 0% false alarms.

Detects more than 100 different vulnerability types like SQL Injection, XSS, XEE, Privacy Leaks, and Misuse of Cryptographic APIs.

Usable for any application written in Java, Scala, JavaScript/TypeScript and their common presentation frameworks like JSP, JSF or Angular.

Pricing starts at 400 Euro for a day license and at 9,000 Euro for an annual license.

Get a short summary of the main features.


Xanitizer specializes in security analysis of web applications and also considers the behavior of the applied web frameworks. By means of static code analysis the tool systematically scans the program code of an entire system for security vulnerabilities. Xanitizer investigates not only the source code, but also configuration files and templates for rendering the HTML output.

Xanitizer is the essential tool for security auditors of web applications. Xanitizer is available for Windows, Linux, and macOS and can easily be integrated into the build process, automatically and regularly performing its analysis tasks, reporting detected security issues and monitoring your security enhancements.

Xanitizer Highlights

Integrate Xanitizer into your SDLC to detect your security problems even before the application is runnable.

Early Detection

Integrate Xanitizer as early as the implementation phase of your Software Development Life Cycle (SDLC) to detect security vulnerabilities even before the application is runnable.

Xanitizer finds security vulnerabilities with excellent accuracy.

Excellent Accuracy

As a Static Application Security Testing (SAST) Tool, Xanitizer finds security vulnerabilities with excellent accuracy to reduce your security risks and reduces false alarms to minimize your reviewing efforts.

Easily understand the root cause for each detected security vulnerability.

Clear Results

With Xanitizer's unique visualizations you can easily understand the root cause of a detected security vulnerability and drill down to its exact code location.

Xanitizer Customers

During our startup phase we sought a solution that was within our budget but also allowed our Application Security program to mature. We decided on Xanitizer because of its scan depth and ability to integrate into our build and deployment pipeline. Additionally, a key aspect of Xanitizer that we have leveraged is the reporting capability that has allowed us to prioritize findings and demonstrate to our regulated customers that we have a mature Application Security program.

Xanitizer is a very useful and powerful tool for Java code analysis. I'm excited about the taint analysis, which makes it possible to work through the code in a well-structured way. The integration of additional scanning tools like OWASP Dependency Check or SpotBugs provides valuable results. The enclosed tutorial is very helpful for the orientation and to understand how Xanitizer works.

Bernhard Hirschmann, Security Expert, EXXETA AG

We appreciate Xanitizer in the Java-based application environment as a SAST tool, which is applicable intuitively and can be integrated very well.

More and more of our customers consider software security as a key requirement for their software projects. With Xanitizer I can easily review the existing code base to identify critical areas and recommend architectural changes that reduce their risk level.

At the current time our customers' day-to-day routine for security checks includes security source code reviews as well as classic penetration tests. For us, Xanitizer is an essential tool for checking JEE applications and deeply integrated in our testing approaches. Comparing its capability to other larger tool creators, we appraise the usage of Xanitizer as productive and viable for the future.

Dr. Florian Hauser, Lead Information Security Consultant, msg systems ag

Xanitizer Impressions

Xanitizer screenshot of the dashboard.
Xanitizer screenshot of the dashboard's finding ratings chart.
Xanitizer screenshot of the dashboard's OWASP Top 10 2017 vulnerabilities chart.
Xanitizer screenshot of the dashboard's hot spot files chart.
Xanitizer screenshot of the dashboard's trend chart.
Xanitizer screenshot of the automatically detected vulnerabilities sorted by their detection date.
Xanitizer screenshot of the highlighted source code path for an automatically detected 'SQL Injection' vulnerability.
Xanitizer screenshot of an automatically detected 'OS Command Injection' vulnerability.
Xanitizer screenshot of the finding details of an automatically detected library with known vulnerabilities.
Xanitizer screenshot of the problem type description for an automatically detected 'Unsecured Cookie' vulnerability.

Xanitizer Introduction