{"id":80372,"date":"2022-11-22T15:41:19","date_gmt":"2022-11-22T20:41:19","guid":{"rendered":"https:\/\/staging.checkmarx.com\/?p=80372"},"modified":"2024-07-22T14:49:52","modified_gmt":"2024-07-22T14:49:52","slug":"presets-queries-onboarding-the-checkmarx-one-difference","status":"publish","type":"post","link":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/","title":{"rendered":"Presets, Queries, &amp; Onboarding: The Checkmarx One Difference"},"content":{"rendered":"<p>\n\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-1\">Introduction To Checkmarx One<\/h2>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>As more and more companies adopt modern application development methodologies and aim to \u201cshift-left,\u201d they are also adopting modern application security testing (AST) tools and best practices like integrating and automating AST tools into their development pipelines. But are these companies ensuring that they\u2019re checking for the appropriate risks and working with high-fidelity results?<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Checkmarx, a leader in Gartner\u2019s AppSec Magic Quadrant for five consecutive years, understands the needs of modern development. In an effort to streamline scanning and help development teams secure code without slowing time to market, we released Checkmarx One\u2122, the most comprehensive application AST platform on the market. Checkmarx One brings our industry-leading SAST engine (and many others such as SCA, KICS, etc.) to your AppSec and development team via the cloud.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>However, flexibility and speed-to-scan delivery are only part of the modern AppSec equation. 
Equally, if not more important, is providing solutions to the question above\u2014this is where key Checkmarx One differentiators, presets and queries, make all the difference.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n\u00a0\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-2\">Presets And Queries In Checkmarx One<\/h2>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Before we dig into how exactly Checkmarx One\u2019s presets and queries can help us address the challenge of checking for appropriate risks and working with high-fidelity results, it is important to understand the basics of both, including how they are used in the SAST engine scan process:<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p><em>Preset = collection of vulnerability queries that define the scope of the SAST scan<\/em><\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p><em>Query = vulnerability rule written in CxQL<\/em><\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Any SAST engine scan initiated through Checkmarx One must have a preset defined at the organization, project, or scan level \u2014see below for an example of a SAST preset being set on project creation via a <em>presetName<\/em> rule:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/SAST_preset-1.png\" alt=\"\" width=\"1020\" height=\"192\"><\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Note: The full list of predefined presets that are available in Checkmarx One can be found in our documentation <a href=\"https:\/\/docs.checkmarx.com\/en\/34965-46451-preset-manager.html?_gl=1*m75zi4*_gcl_au*NDg0NDcyMTI5LjE3MTYxOTc5MTk.*_ga*NDM0MzQ4ODI2LjE3MTYxOTc5MTk.*_ga_TGCYJYTE53*MTcyMTY1ODc5Mi4xOC4xLjE3MjE2NTk2NjMuNTAuMC4w#UUID-dd7570c9-a7a3-9a3d-5470-f07df4f05e89\">here<\/a>.<\/p>\n<p>\n\n\n\n<\/p>\n<p>Selecting a preset from the drop-down menu, such as OWASP Top 10 \u2013 2021, will limit that project\u2019s scans to only check for vulnerability queries 
specific to the top 10 web application security risks according to the OWASP (Open Web Application Security Project) compliance guidelines for 2021.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>After selecting a preset, each SAST scan generally follows this high-level process:<\/p>\n<ol>\n<li>Parse source code<\/li>\n<li>Build AST and DOM<\/li>\n<li>Build data-flow graphs (DFG) from the code\u2019s sources and sinks<\/li>\n<li>Execute the <em>scan preset\u2019s queries<\/em> against the DFGs<\/li>\n<li>Return vulnerabilities<\/li>\n<\/ol>\n<p>As we saw in the definition provided for presets, they are integral to a successful, actionable SAST scan. Incorrectly setting a scan\u2019s scope can cause <em>scans to run long and inefficiently<\/em> and, even more detrimentally, produce results with <em>a lot of noise<\/em> that create unnecessary work and confusion for your triaging teams.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Note: When evaluating AppSec platforms, it is important to verify that the SAST engine includes some sort of preset functionality, as many solutions do not provide one, which makes it impossible to limit result \u201cnoise.\u201d<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>Speaking of triaging, while presets can ensure the correct scan scope, if your SAST results are not of high quality and contain too many false positives (FP) or false negatives (FN), then your SAST solution runs the risk of becoming \u2018shelfware\u2019. 
This is another area in which Checkmarx One excels compared to competing solutions, as only Checkmarx One\u2019s SAST vulnerability queries use a proprietary syntax, CxQL (C# derivative), that allows AppSec teams to easily customize vulnerability queries as needed to remove false positives and false negatives.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>A common use case that neatly highlights the benefits of customizing queries can be found in cross-site scripting (XSS) vulnerability findings where a false positive may be occurring due to the use of an in-house sanitizer method that is not included in the Checkmarx One default out-of-the-box query. We can simply add this method to the appropriate CxQL query and rescan the project to remove the FP.<\/p>\n<p>\n\n\n<\/p>\n<p>\n\n\n<\/p>\n<p>See this screenshot showing the \u2018Find_full_XSS_Sanitize\u2019 query via Checkmarx One\u2019s CxAudit console:<\/p>\n<p><img decoding=\"async\" src=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/CxAudit-1024x522-1.png\" alt=\"\" width=\"1024\" height=\"522\"><\/p>\n<p>Now that we understand the basics and benefits of presets and queries in Checkmarx One, let\u2019s take an in-depth look at how we make the best use of both.<\/p>\n<p>\n\n<\/p>\n\u00a0\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-3\">Preset Selection: Recommendations And Best Practices<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>There are several preset selection strategies that have proved to be successful amongst our customers of all sizes, from SMBs to the largest Fortune 500 enterprises:<\/p>\n<ol>\n<li>Only scan for what can be \u2018reasonably remediated\u2019<\/li>\n<li>Design custom presets based on application type and threat modeling<\/li>\n<li>Start small and expand\u2014maturity model approach<\/li>\n<\/ol>\n<h2 class=\"article-anchor\" id=\"article-anchor-4\">Only Scan For What Can Be Reasonably Remediated<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>One 
of the common mistakes that we see for those both early in their SAST scanning journey and those with mature programs is a misguided but intentional approach to scanning for everything. A desire to get their money\u2019s worth or prevent all possible risks results in their initial preset selections (or lack of options to choose a preset with competitors) returning an unworkable volume of risks that weighs on all teams involved. Unfortunately, this tends to result in major efforts to review and triage these extreme volumes of findings, only for development teams to end up prioritizing and remediating a handful of vulnerabilities.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>A better approach is to consider what is most critical for each project\/team to remediate and select a preset with a scope that allows your teams to reasonably address and fix these issues before the next scan. This can help prevent frustration at unresolved issues and create momentum as teams close out issues.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-5\">Select Presets Based On App Type And Threat Modeling<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>It is also extremely important to use your knowledge and understanding of a project to choose presets which make sense based on the application\u2019s architecture and application type.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>Application type can influence the kind of weaknesses an application may be susceptible to.\u00a0 For example, if there is no front-end web code in the application, XSS vulnerabilities, by definition, will not be present\u2014so it does not make sense to use a preset that will try to find XSS weaknesses. 
Or, if an application doesn\u2019t communicate with a database, SQL injection vulnerabilities will not be present and don\u2019t need to be sought either.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>This is where the use of predefined presets such as Android, Apple Secure Coding Guide, JSSEC, OWASP Mobile Top 10 \u2013 2016, OWASP Top 10 API, WordPress, etc. are beneficial.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-6\">Start Small And Expand: Maturity Model Approach<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>Starting small is a good strategy for any customer, no matter the size, resource capacity, or AppSec maturity. But, it\u2019s particularly appropriate for development teams that are new to application security testing. Starting small when selecting a preset will ensure teams aren\u2019t overwhelmed or scared away by thousands of results.\u00a0 Once a team has sufficiently triaged results found with a small, targeted preset, the scope of the preset can be widened to look for additional kinds of results.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>This approach is most often implemented by taking a severity-based approach.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>An example maturity model, utilizing the predefined presets, may look like the following, with each preset used until all scan findings for that preset are remediated, after which, the project advances to use the next preset:<\/p>\n<ol>\n<li>OWASP Top 10 &#8211; 2021<\/li>\n<li>High and Medium<\/li>\n<li>High, Medium, and Low<\/li>\n<li>ASA Premium<\/li>\n<\/ol>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-7\">Project Onboarding: Putting It All Together<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>As noted previously, choosing the right preset is only half of the battle in providing suitable and high-fidelity SAST scan results. 
Each preset includes a selection of vulnerability queries, and it is these queries that ultimately identify the risks within a scan. The accuracy and robustness of each query is the driving factor in whether FPs or FNs are present in your SAST scan results, and Checkmarx One\u2019s SAST engine is the only AppSec platform with a truly flexible query language open to its users.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>We recommend that our customers, either themselves or utilizing our services, perform a process that we call project onboarding, first for their \u2018main business applications\u2019 and then for lower-priority applications. Project onboarding is an optimization process that includes the following:<\/p>\n<ol>\n<li>Use selection strategies to select appropriate starting preset<\/li>\n<li>Perform initial scan<\/li>\n<li>Triage results to identify TP, FP, and FN<\/li>\n<li>Modify vulnerability queries to remove any quality issues found in step #3<\/li>\n<li>Adjust\/select new preset if scope adjustment required<\/li>\n<li>Rescan and repeat process as necessary<\/li>\n<\/ol>\n<p>This type of complete and dynamic approach is required as the industry changes to modern application development and its push for integrated SAST and other engine scans becomes more and more prevalent. 
Checkmarx One and its SAST engine are one-of-a-kind, and our unique use of presets and queries sets us apart.<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n\u00a0\u00a0\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<h2 class=\"wp-block-heading article-anchor\" id=\"article-anchor-8\">Request A Demo<\/h2>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<p>Reach out to us today to <a href=\"https:\/\/checkmarx.com\/request-a-demo\/\" target=\"_blank\" rel=\"noreferrer noopener\">request a demo<\/a>, or <a href=\"https:\/\/info.checkmarx.com\/ast-free-trial\" target=\"_blank\" rel=\"noreferrer noopener\">sign up for a Free Trial<\/a> to see for yourself!<\/p>\n<p>\n\n<\/p>\n<p>\n\n<\/p>\n<hr>\n<p>\n\n<\/p>","protected":false},"excerpt":{"rendered":"<p>Introduction To Checkmarx One As more and more companies adopt modern application development methodologies and aim to \u201cshift-left,\u201d they are also adopting modern application security testing (AST) tools and best practices like integrating and automating AST tools into their development pipelines. But are these companies ensuring that they\u2019re checking for the appropriate risks and working [&hellip;]<\/p>\n","protected":false},"author":74,"featured_media":80373,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[84],"tags":[142,87,189,412,190],"class_list":["post-80372","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog","tag-application-security-testing","tag-appsec","tag-article","tag-checkmarx-one","tag-english"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Presets, Queries, &amp; Onboarding: The Checkmarx One Difference - Checkmarx.com<\/title>\n<meta name=\"description\" content=\"What Sets Checkmarx One Apart? 
Dive into Presets, Queries &amp; Onboarding \u2013 Features that Deliver High-Fidelity SAST Scans.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Presets, Queries, &amp; Onboarding: The Checkmarx One Difference\" \/>\n<meta property=\"og:description\" content=\"Flexibility and speed-to-scan delivery are only part of the modern AppSec equation. Read our blog to learn how Checkmarx One differentiators, presets and queries, can make all the difference.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\" \/>\n<meta property=\"og:site_name\" content=\"Checkmarx\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\" \/>\n<meta property=\"article:published_time\" content=\"2022-11-22T20:41:19+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2024-07-22T14:49:52+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Andrew Schmit\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:title\" content=\"Presets, Queries, &amp; Onboarding: The Checkmarx One Difference\" \/>\n<meta name=\"twitter:description\" content=\"Flexibility and speed-to-scan delivery are only part of the modern AppSec equation. 
Read our blog to learn how Checkmarx One differentiators, presets and queries, can make all the difference.\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\" \/>\n<meta name=\"twitter:creator\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:site\" content=\"@checkmarx\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Andrew Schmit\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"7 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\"},\"author\":{\"name\":\"Andrew Schmit\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/90591f94713f1c0add7f4ca84efa514f\"},\"headline\":\"Presets, Queries, &amp; Onboarding: The Checkmarx One Difference\",\"datePublished\":\"2022-11-22T20:41:19+00:00\",\"dateModified\":\"2024-07-22T14:49:52+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\"},\"wordCount\":1438,\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\",\"keywords\":[\"Application Security Testing\",\"AppSec\",\"Article\",\"checkmarx 
one\",\"English\"],\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\",\"url\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\",\"name\":\"Presets, Queries, & Onboarding: The Checkmarx One Difference - Checkmarx.com\",\"isPartOf\":{\"@id\":\"https:\/\/checkmarx.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\",\"datePublished\":\"2022-11-22T20:41:19+00:00\",\"dateModified\":\"2024-07-22T14:49:52+00:00\",\"description\":\"What Sets Checkmarx One Apart? Dive into Presets, Queries & Onboarding \u2013 Features that Deliver High-Fidelity SAST Scans.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg\",\"width\":1600,\"height\":800},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/checkmarx.com\/#website\",\"url\":\"https:\/\/checkmarx.com\/\",\"name\":\"Checkmarx\",\"description\":\"The world runs on code. 
We secure it.\",\"publisher\":{\"@id\":\"https:\/\/checkmarx.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/checkmarx.com\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/checkmarx.com\/#organization\",\"name\":\"Checkmarx\",\"url\":\"https:\/\/checkmarx.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg\",\"width\":1,\"height\":1,\"caption\":\"Checkmarx\"},\"image\":{\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis\",\"https:\/\/x.com\/checkmarx\",\"https:\/\/www.youtube.com\/user\/CheckmarxResearchLab\",\"https:\/\/www.linkedin.com\/company\/checkmarx\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/90591f94713f1c0add7f4ca84efa514f\",\"name\":\"Andrew Schmit\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/checkmarx.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_74.jpg\",\"contentUrl\":\"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_74.jpg\",\"caption\":\"Andrew Schmit\"},\"url\":\"https:\/\/checkmarx.com\/author\/andrewschmit\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Presets, Queries, & Onboarding: The Checkmarx One Difference - Checkmarx.com","description":"What Sets Checkmarx One Apart? 
Dive into Presets, Queries & Onboarding \u2013 Features that Deliver High-Fidelity SAST Scans.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/","og_locale":"en_US","og_type":"article","og_title":"Presets, Queries, & Onboarding: The Checkmarx One Difference","og_description":"Flexibility and speed-to-scan delivery are only part of the modern AppSec equation. Read our blog to learn how Checkmarx One differentiators, presets and queries, can make all the difference.","og_url":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/","og_site_name":"Checkmarx","article_publisher":"https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","article_published_time":"2022-11-22T20:41:19+00:00","article_modified_time":"2024-07-22T14:49:52+00:00","og_image":[{"width":1600,"height":800,"url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","type":"image\/jpeg"}],"author":"Andrew Schmit","twitter_card":"summary_large_image","twitter_title":"Presets, Queries, & Onboarding: The Checkmarx One Difference","twitter_description":"Flexibility and speed-to-scan delivery are only part of the modern AppSec equation. Read our blog to learn how Checkmarx One differentiators, presets and queries, can make all the difference.","twitter_image":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","twitter_creator":"@checkmarx","twitter_site":"@checkmarx","twitter_misc":{"Written by":"Andrew Schmit","Est. 
reading time":"7 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#article","isPartOf":{"@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/"},"author":{"name":"Andrew Schmit","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/90591f94713f1c0add7f4ca84efa514f"},"headline":"Presets, Queries, &amp; Onboarding: The Checkmarx One Difference","datePublished":"2022-11-22T20:41:19+00:00","dateModified":"2024-07-22T14:49:52+00:00","mainEntityOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/"},"wordCount":1438,"publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","keywords":["Application Security Testing","AppSec","Article","checkmarx one","English"],"articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/","url":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/","name":"Presets, Queries, & Onboarding: The Checkmarx One Difference - Checkmarx.com","isPartOf":{"@id":"https:\/\/checkmarx.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage"},"image":{"@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage"},"thumbnailUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","datePublished":"2022-11-22T20:41:19+00:00","dateModified":"2024-07-22T14:49:52+00:00","description":"What Sets Checkmarx One Apart? 
Dive into Presets, Queries & Onboarding \u2013 Features that Deliver High-Fidelity SAST Scans.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/blog\/presets-queries-onboarding-the-checkmarx-one-difference\/#primaryimage","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2022\/11\/Blog_presets-and-queries-.jpg","width":1600,"height":800},{"@type":"WebSite","@id":"https:\/\/checkmarx.com\/#website","url":"https:\/\/checkmarx.com\/","name":"Checkmarx","description":"The world runs on code. We secure it.","publisher":{"@id":"https:\/\/checkmarx.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/checkmarx.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/checkmarx.com\/#organization","name":"Checkmarx","url":"https:\/\/checkmarx.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/02\/logo-dark.svg","width":1,"height":1,"caption":"Checkmarx"},"image":{"@id":"https:\/\/checkmarx.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Checkmarx.Source.Code.Analysis","https:\/\/x.com\/checkmarx","https:\/\/www.youtube.com\/user\/CheckmarxResearchLab","https:\/\/www.linkedin.com\/company\/checkmarx"]},{"@type":"Person","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/90591f94713f1c0add7f4ca84efa514f","name":"Andrew 
Schmit","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/checkmarx.com\/#\/schema\/person\/image\/","url":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_74.jpg","contentUrl":"https:\/\/checkmarx.com\/wp-content\/uploads\/2024\/06\/avatar_74.jpg","caption":"Andrew Schmit"},"url":"https:\/\/checkmarx.com\/author\/andrewschmit\/"}]}},"_links":{"self":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/80372","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/users\/74"}],"replies":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/comments?post=80372"}],"version-history":[{"count":0,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/posts\/80372\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media\/80373"}],"wp:attachment":[{"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/media?parent=80372"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/categories?post=80372"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/checkmarx.com\/wp-json\/wp\/v2\/tags?post=80372"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}